79) nginx添加linux自签ssl证书

1- 生成证书文件

openssl genrsa -out leman.com.key 2048 #创建根证书的私匙 

openssl req -new -subj "/C=CN/ST=GuangDong/L=ShenZhen/O=leman/OU=leman.com/CN=leman.com" -key leman.com.key -out leman.com.csr #用私钥创建签名请求 

openssl x509 -req -days 3650 -in leman.com.csr -signkey leman.com.key -out leman.com.crt #用Key签名证书

:/home/pi# openssl x509 -req -days 3650 -in leman.com.csr -signkey leman.com.key -out leman.com.crt
Signature ok
subject=C = CN, ST = GuangDong, L = ShenZhen, O = leman, OU = leman.com, CN = leman.com
Getting Private key

2- nginx配置ssl验证

ls -l /var/www/ssl/   #把证书移到该目录下
total 12
-rw-r--r-- 1 root root 1229 Jun 21 22:25 leman.com.crt
-rw-r--r-- 1 root root 1009 Jun 21 22:24 leman.com.csr
-rw------- 1 root root 1675 Jun 21 22:20 leman.com.key
##写入nginx配置文件
cat /etc/nginx/sites-enabled/leman.com.conf 
server {
	listen 443 ssl;
	server_name leman.com;
	root /var/www/https;
	index index.html;
	access_log /var/log/nginx/leman.com.access_log;
	ssl on;
	ssl_certificate /var/www/ssl/leman.com.crt;
	ssl_certificate_key /var/www/ssl/leman.com.key;
	ssl_session_timeout 5m;
	ssl_protocols SSLv2 SSLv3 TLSv1;
	ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_prefer_server_ciphers on;
}
mkdir -p /var/www/https/
echo "https test ssl key of  leman.com" > /var/www/https/index.html
systemctl restart nginx #重启nginx服务

3- 浏览器打开nginx服务器地址

79) nginx添加linux自签ssl证书

相关推荐