SSL数字证书生成方法
妙音
posted @ 2014年11月13日 09:31
in nginx
with tags
openssl;数字证书;
, 3087 阅读
安装openssl
yum install openssl
生成密钥
openssl genrsa -des3 -out openssl.key 1024
[wyq@localhost ssl]$ openssl genrsa -des3 -out openssl.key 1024 Generating RSA private key, 1024 bit long modulus ..............++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for openssl.key: (输入密码) Verifying - Enter pass phrase for openssl.key: (确认输入输入密码)
生成证书
openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650
[wyq@localhost ssl]$ openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650 Enter pass phrase for openssl.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:cn (国家) State or Province Name (full name) []:hubei (省份) Locality Name (eg, city) [Default City]:wuhan (城市) Organization Name (eg, company) [Default Company Ltd]:aa (公司) Organizational Unit Name (eg, section) []:it (部门) Common Name (eg, your name or your server's hostname) []:wyq (名字) Email Address []:562798392@qq.com (邮件地址)
不用密码的密钥
openssl rsa -in openssl.key -out openssl_nopass.key
[wyq@localhost ssl]$ openssl rsa -in openssl.key -out openssl_nopass.key Enter pass phrase for openssl.key: (输入上面设定的密码) writing RSA key
开启nginx的ssl
server{
....
listen 443 ssl;
ssl_certificate /home/wyq/ssl/openssl.crt;
ssl_certificate_key /home/wyq/ssl/openssl_nopass.key;
....
}
访问https://localhost 出现"Welcome to nginx ...",好了,配置成功.
评论 (0)
