Nginx: Generating a CA Certificate with OpenSSL
1. Create a directory to store the certificates
mkdir -p /etc/nginx/ssl_key && cd /etc/nginx/ssl_key/
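2. Create the certificate
Use the openssl command to act as the CA (certificate authority) and create the certificate. (Do not generate certificates this way in production: they are not recognized on the Internet and are untrusted certificates.)
2.1. Create the CA key 【create the key manually】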
]# openssl genrsa -idea -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..........+++
..........+++
e is 65537 (0x10001)
Enter pass phrase for server.key:    # I used root as the pass phrase here; write the pass phrase down, it will be needed later
Verifying - Enter pass phrase for server.key:
2.2. Create the self-signed certificate 【create the public key and the private key in one step】
]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2038 -keyout server.key -out server.crt
Generating a 2038 bit RSA private key
..+++
....+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn    【country】
State or Province Name (full name) []:gd    【province】
Locality Name (eg, city) [Default City]:sz    【city】
Organization Name (eg, company) [Default Company Ltd]:edu    【company】
Organizational Unit Name (eg, section) []:cyc    【unit】
Common Name (eg, your name or your server's hostname) []:cyc.com    【server hostname】
Email Address []:test@qq.com    【email】

# req  --> used to create a new certificate
# new  --> indicates that a new certificate is being created
# x509 --> defines the certificate format as the standard format
# key  --> the private key file to use
# out  --> the certificate file to write
# days --> the validity period of the certificate
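
Step 2.2 run non-interactively, followed by the checks worth making before pointing Nginx at the files. This is an added example, not part of the original post. The DN values are the ones entered above; the temporary directory, the function names and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example: non-interactive step 2.2 plus post-generation checks.
# DN values come from the session above; directory, function names and
# the 2048-bit key size are assumptions of this example.
SUBJ='/C=cn/ST=gd/L=sz/O=edu/OU=cyc/CN=cyc.com/emailAddress=test@qq.com'

# make_selfsigned DIR: write DIR/server.key (unencrypted) and DIR/server.crt
make_selfsigned() {
    ( umask 077   # keep the private key unreadable for other users
      openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 \
          -subj "$SUBJ" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

# key_matches_cert KEY CRT: succeed only if KEY is the private key for CRT,
# by comparing the public key derived from each file
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_field CRT subject|issuer: print that name in RFC 2253 form
cert_field() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# is_self_signed CRT: subject equals issuer, and the signature verifies
# only because the certificate itself is supplied as the trust anchor
is_self_signed() {
    [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# cert_cn CRT: print the Common Name entered at the prompt
cert_cn() {
    cert_field "$1" subject | tr ',' '\n' | sed -n 's/^CN=//p'
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_selfsigned "$DEMO_DIR"
key_matches_cert "$DEMO_DIR/server.key" "$DEMO_DIR/server.crt" &&
    echo "key matches certificate"
is_self_signed "$DEMO_DIR/server.crt" &&
    echo "self-signed, CN=$(cert_cn "$DEMO_DIR/server.crt")"
```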