Linux下生成https证书并且进行nginx配置

1，https证书生成

# 生成密钥server.key，需要输入密码pass
openssl genrsa -des3 -out server.key 2048
# 去除server.key中的密码，防止以后重复输入
openssl rsa -in server.key -out server.key
# 创建服务器证书的申请文件server.csr
openssl req -new -key server.key -out server.csr
# 创建CA证书 ca.crt
openssl req -new -x509 -key server.key -out ca.crt -days 3650
# 创建自当前日期起有效期为期十年的服务器证书server.crt
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt

 

2，nginx配置

server {

  listen 443;
  server_name www.server.com;
  ssl on;
  ssl_certificate /path/to/server.crt;#配置证书位置
  ssl_certificate_key /path/to/server.key;#配置秘钥位置
  #ssl_client_certificate ca.crt;#双向认证
  #ssl_verify_client on; #双向认证
  ssl_session_timeout 5m;
  ssl_protocols SSLv2 SSLv3 TLSv1;
  ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers on;
  location / {
            root   html;
            index  index.html index.htm;
        }

}