[root@web01 ~]# mkdir /etc/nginx/ssl_key
[root@web01 ~]# cd /etc/nginx/ssl_key/
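3. Certificate generation
# Generate the private key
openssl genrsa -idea -out server.key 2048
# Generate the certificate
openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
# req  --> used to create a new certificate
# new  --> indicates that a new certificate is being created
# x509 --> sets the certificate format to the standard format
# key  --> the private key file to use
# out  --> the output certificate file
# days --> the validity period of the certificate
[root@web01 ssl_key]# openssl genrsa -idea -out server.key 2048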
Generating RSA private key, 2048 bit long modulus
..................................................................................................................................+++
...............................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@web01 ssl_key]# openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
...................................................+++
.................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code)[XX]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code)[XX]:zg
State or Province Name (full name)[]:riben
Locality Name (eg, city)[Default City]:bali
Organization Name (eg, company)[Default Company Ltd]:oldboy
Organizational Unit Name (eg, section)[]:oldboy
Common Name (eg, your name or your server's hostname)[]:maliao
Email Address []:123@qq.com
You have new mail in /var/spool/mail/root
[root@web01 ssl_key]#
[root@web01 ssl_key]# ll
total 8
-rw-r--r-- 1 root root 1375 Mar 5 15:15 server.crt # certificate file
-rw-r--r-- 1 root root 1704 Mar 5 15:15 server.key # private key file
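The session above ends with server.key rewritten by the req command (-newkey with -keyout, "writing new private key to 'server.key'") as an unencrypted key, and ll shows it as -rw-r--r--. The following is an added example, not part of the original page: a non-interactive version of the same openssl req call that keeps the key at mode 600 and checks that the key and certificate belong together. The subject values, hostname and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: non-interactive self-signed certificate generation with checks.
# Function names, subject values and hostnames are constructed for illustration.

# gen_selfsigned DIR CN DAYS: write DIR/server.key and DIR/server.crt.
gen_selfsigned() {
    dir=$1 cn=$2 days=$3
    mkdir -p "$dir" || return 1
    (
        # Restrictive umask so the key is never world-readable, even briefly.
        umask 077
        # One command creates both key and certificate. -nodes leaves the key
        # unencrypted (nginx can start without a passphrase prompt), so file
        # permissions are the only protection for it.
        openssl req -x509 -sha256 -nodes -newkey rsa:2048 \
            -days "$days" \
            -subj "/C=CN/O=Example/CN=$cn" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# key_matches_cert KEY CRT: succeed only if the certificate's public key
# is the one derived from the private key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# key_mode FILE: print the permission string, e.g. -rw-------
key_mode() {
    ls -ld "$1" | cut -c1-10
}

# cert_valid_for CRT SECONDS: succeed if the certificate does not expire
# within the next SECONDS seconds.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}
```

The two-letter /C= value avoids the "string is too long" prompt seen in the session, and key_matches_cert can be run before reloading nginx whenever either file is replaced.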
4. Certificate directive syntax
# Enable SSL
Syntax: ssl on | off; # syntax
Default: ssl off;
Context: http, server # contexts where the directive may be used
# Certificate file
Syntax: ssl_certificate file;
Default: —
Context: http, server
# Private key file
Syntax: ssl_certificate_key file;
Default: —
Context: http, server