1. 创建证书请求文件
条件:私钥+证书签名请求+openssl
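yum install -y openssl
# -p keeps this step re-runnable; mode 700 keeps other local users out of
# the directory that will hold the private key.
mkdir -p /root/ssl/ && chmod 700 /root/ssl/ && cd /root/ssl/
# Write the key files inside a subshell with umask 077 so they are never
# group/other-readable, not even briefly. The session's own umask is untouched.
(
  umask 077
  # "pass:x" is a throwaway passphrase: the encrypted key exists only so the
  # next command can strip the passphrase again, and it is deleted afterwards.
  openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
  # server.key is stored unencrypted so nginx can load it without prompting;
  # file permissions are therefore its only protection.
  openssl rsa -passin pass:x -in server.pass.key -out server.key
  rm server.pass.key
)
# The CSR contains only the public key and the subject fields, which openssl
# asks for interactively. The Common Name should match the nginx server_name.
openssl req -new -key server.key -out server.csr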

2. 生成自签名证书(用自己的私钥对证书请求签名,并非由证书机构颁发)
# Sign the CSR with the same private key that produced it (-signkey), giving
# a self-signed certificate valid for 365 days with a SHA-256 signature.
# No CA vouches for it, so clients will not trust it unless it is explicitly
# installed in their trust store.
openssl x509 -req \
  -sha256 -days 365 \
  -in server.csr \
  -signkey server.key \
  -out server.crt

server.key -- 私钥
server.csr -- 证书签名请求
server.crt -- 自签名证书


3. 配置nginx
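server {
  listen 3666 ssl;  # port
  server_name www.server.com; # host

  # Paths to the certificate and private key generated in the steps above.
  # The certificate is self-signed: clients will show a trust warning unless
  # it is added to their trust store, so this setup suits internal or test use.
  ssl_certificate /root/ssl/server.crt;
  # The key is unencrypted on disk; keep it readable by root only.
  ssl_certificate_key /root/ssl/server.key;

  # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
  # Add TLSv1.3 here if the installed nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!MD5;

  root /var/ror/cas/public; # Rails application's public directory

  passenger_enabled on;
  passenger_ruby /usr/local/rvm/gems/ruby-2.3.0/wrappers/ruby;

  access_log /var/ror/logs/access.log;
  error_log /var/ror/logs/error.log;
}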

参考:https://devcenter.heroku.com/articles/ssl-certificate-self
参考:http://nginx.org/en/docs/http/configuring_https_servers.html
