Self-Signed SSL Certificate
Generating the self-signed certificate files
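```bash
# 1. Generate the private key file; passphrase entered: 1234
openssl genrsa -des3 -out server.key 2048
# View the private key contents
openssl rsa -text -in server.key
# 2. Create a certificate signing request (CSR) file from the private key
openssl req -new -key server.key -out server.csr
# View the CSR file
openssl req -text -in server.csr -noout
# 3. Generate the self-signed certificate (produces server.crt)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# 4. Generate a passphrase-free copy of the private key
#    (the output is unencrypted, so restrict read access to it)
openssl rsa -in server.key -out server.key.unsecure
```
Nginx configuration file: SSL settings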
```nginx
server {
    listen 443 ssl;
    # Intranet machines need a domain mapping in the host machine's hosts file
    server_name 47.108.254.100;
    # The certificate produced in step 3 (not the key file)
    ssl_certificate /opt/nginx/nginx/cert/server.crt;
    # server.key is passphrase-protected and makes nginx prompt for the
    # passphrase at startup, so the passphrase-free copy from step 4 is used
    # ssl_certificate_key /opt/nginx/nginx/cert/server.key;
    ssl_certificate_key /opt/nginx/nginx/cert/server.key.unsecure;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
```
Run `nginx -t` to check the configuration, then restart nginx.
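Before reloading nginx, the two files named by `ssl_certificate` and `ssl_certificate_key` can be checked as a pair. The script below is an added example, not part of the original notes; the function name `check_pair`, its exit codes and the file name `check_pair.sh` are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original notes): check_pair CERT KEY
# Exit codes: 0 = usable pair, 1 = certificate/key mismatch,
# 2 = CERT is not a certificate, 3 = KEY is passphrase-protected,
# 4 = KEY is unreadable. Assumes PEM files, as written by the openssl
# commands in the steps above.
check_pair() {
    cert=$1
    key=$2

    # ssl_certificate must parse as an X.509 certificate; a key file fails here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "not an X.509 certificate: $cert" >&2
        return 2
    }

    # Encrypted PEM keys are marked in their header lines; with such a key
    # nginx stops at "Enter PEM pass phrase" every time it starts.
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' \
               -e 'BEGIN ENCRYPTED PRIVATE KEY' "$key" 2>/dev/null; then
        echo "private key is passphrase-protected: $key" >&2
        return 3
    fi

    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2
        return 4
    }

    # Both commands print the public key as PEM SubjectPublicKeyInfo, so a
    # string comparison shows whether the certificate belongs to this key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi
    return 0
}

# Direct use: sh check_pair.sh server.crt server.key.unsecure
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```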
- What to do about SSL certificate errors? Fixes for common browser SSL certificate errors: https://zhuanlan.zhihu.com/p/537880970
- Enabling the SSL module in nginx: http://events.jianshu.io/p/2fba66b52cd9
- Configuring an SSL certificate in nginx to serve HTTPS: https://www.cnblogs.com/tugenhua0707/p/10940977.html
- Enabling HSTS in nginx so browsers are forced to use HTTPS: https://www.cnblogs.com/tugenhua0707/p/10945934.html
- Configuring an SSL certificate in nginx without the "Enter PEM pass phrase" prompt at startup: https://blog.csdn.net/qq_15266719/article/details/129195669
- Digital certificates and the openssl commands explained: https://blog.csdn.net/humanhaunt/article/details/109294856
- Generating X.509 V3 certificates in Java: https://blog.csdn.net/gybshen/article/details/127494790