自建SSL证书

生成自建证书文件

# 1、生成私钥文件，输入秘钥：1234
openssl genrsa -des3 -out server.key 2048
# 查看私钥内容
openssl rsa -text -in server.key

# 2、根据私钥创建证书签名请求 CSR 文件
openssl req -new -key server.key -out server.csr
# 查看 CSR 文件
openssl req -text -in server.csr -noout

# 3、生成CA证书(产生server.crt文件)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# 4、生成免密文件
openssl rsa -in server.key -out server.key.unsecure

# Nginx配置文件ssl配置

```bash
    server {
        listen       443 ssl;
        # 内网机器需要配置宿主机的host文件域名映射
        server_name  47.108.254.100;

        # ssl_certificate      /opt/nginx/nginx/cert/server.crt;
        ssl_certificate        /opt/nginx/nginx/cert/server.key.unsecure;

        # ssl_certificate_key  /opt/nginx/nginx/cert/server.key;
        ssl_certificate_key    /opt/nginx/nginx/cert/server.key.unsecure;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

nginx -t 检查配置，然后重启nginx

• SSL证书错误怎么办？浏览器常见SSL证书报错解决办法：https://zhuanlan.zhihu.com/p/537880970

• nginx开启SSL模块：http://events.jianshu.io/p/2fba66b52cd9

• nginx配置SSL证书实现https服务：https://www.cnblogs.com/tugenhua0707/p/10940977.html

• nginx开启HSTS让浏览器强制跳转HTTPS访问：https://www.cnblogs.com/tugenhua0707/p/10945934.html

• Nginx配置SSL安全证书避免启动输入Enter PEM pass phrase：https://blog.csdn.net/qq_15266719/article/details/129195669

• 数字证书及openssl命令详解：https://blog.csdn.net/humanhaunt/article/details/109294856

• Java 生成X.509 V3证书：https://blog.csdn.net/gybshen/article/details/127494790