Setting Up and Using CA Authentication in Nginx

CA authentication in Nginx


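TCP/IP protocol
HTTP protocol [plaintext transfer protocol]
HTTPS protocol [port 443]

HTTPS: bandwidth; encryption ------------------------>> decryption
Algorithms
Symmetric ciphers: AES, DES
Asymmetric encryption: RSA, DSA
Message digests: MD5, SHA256

Public key
Private key

Domain names: look-alike domains
Scammers [phishing]

CA authentication

Steps for encrypted authentication
1. Generate the private key and certificate with openssl
openssl genrsa -out my.key
openssl req -new -x509 -key my.key -out my.crt
2. Edit the configuration file so that it references the private key and certificate
3. Verify from the client: browse to https://, add an exception, import the certificate

# cd /usr/local/nginx/conf
# openssl genrsa -out my.key                        # private key
# openssl req -new -x509 -key my.key -out my.crt    # self-signed certificate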

[root@service nginx]#cd /usr/local/nginx/conf
[root@service conf]# openssl genrsa -out my.key
[root@service conf]# openssl req -new -x509 -key my.key -out my.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:guangdong
Locality Name (eg, city) [Default City]:guangzhou
Organization Name (eg, company) [Default Company Ltd]:tedu
Organizational Unit Name (eg, section) []:tech
Common Name (eg, your name or your server's hostname) []:lyd
Email Address []:lyd@163.com
[root@service conf]# ls
fastcgi.conf koi-win nginx.conf uwsgi_params
fastcgi.conf.default mime.types nginx.conf.default uwsgi_params.default
fastcgi_params mime.types.default pass win-utf
fastcgi_params.default my.crt scgi_params
koi-utf my.key scgi_params.default

[root@service nginx]# vim /usr/local/nginx/conf/nginx.conf

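server {                                # define the virtual host
    listen 443 ssl;
    server_name www.c.com;
    # enable SSL; redundant with "listen 443 ssl", obsolete since nginx 1.15.0
    # and removed in 1.25.1, so delete this line on newer versions
    ssl on;
    ssl_certificate my.crt;             # certificate file
    ssl_certificate_key my.key;         # private key file

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root web2;
        index index.html index.htm;
    }
}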

[root@service nginx]# mkdir /usr/local/nginx/web2
[root@service nginx]# echo "jiami" > /usr/local/nginx/web2/index.html
[root@service nginx]# nginx -s reload

Open the site from a client browser.
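
The key and certificate steps above can also be run without prompts and checked before nginx is reloaded. The script below is an added example, not part of the original post: www.c.com is taken from the server_name on this page, while the 2048-bit key size, the 365-day validity and the helper function names are assumptions, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post). www.c.com is the page's
# server_name; key size, validity and function names are assumptions.

# make_selfsigned DIR HOST: write DIR/my.key and DIR/my.crt without prompts.
make_selfsigned() {
    # umask 077 so the private key is created readable by its owner only.
    ( umask 077 && openssl genrsa -out "$1/my.key" 2048 ) 2>/dev/null || return 1
    # -days is explicit because "req -x509" defaults to 30 days; the SAN carries
    # the hostname that clients compare against the URL.
    openssl req -new -x509 -sha256 -days 365 -key "$1/my.key" \
        -subj "/C=CN/ST=guangdong/L=guangzhou/O=tedu/OU=tech/CN=$2" \
        -addext "subjectAltName=DNS:$2" -out "$1/my.crt" 2>/dev/null
}

# key_matches_cert KEY CERT: succeed only if both hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_covers_host CERT HOST: succeed only if the certificate is valid for HOST.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# cert_valid_for_days CERT DAYS: succeed if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# check_pair DIR HOST: run the checks that should pass before "nginx -s reload".
check_pair() {
    key_matches_cert "$1/my.key" "$1/my.crt" || { echo "key/cert mismatch"; return 1; }
    cert_covers_host "$1/my.crt" "$2" || { echo "cert does not cover $2"; return 1; }
    cert_valid_for_days "$1/my.crt" 7 || { echo "cert expires within 7 days"; return 1; }
    echo "ok: $1/my.crt matches my.key and covers $2"
}

# Demo in a scratch directory (constructed; nothing under /usr/local/nginx is touched).
demo=$(mktemp -d)
make_selfsigned "$demo" www.c.com && check_pair "$demo" www.c.com
rm -rf "$demo"
```

Calling make_selfsigned /usr/local/nginx/conf www.c.com writes my.key and my.crt where the configuration above expects them.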

posted @ 2021-08-22 15:26  Linux刀客