debian安装nginx 1.6方法
nginx启用spdy支持

SSL数字证书生成方法

妙音 posted @ 2014年11月13日 09:31 in nginx with tags openssl;数字证书; , 2100 阅读

安装openssl

yum install openssl

生成密钥

openssl genrsa -des3 -out openssl.key 1024  
[wyq@localhost ssl]$ openssl genrsa -des3 -out openssl.key 1024
Generating RSA private key, 1024 bit long modulus
..............++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for openssl.key:  (输入密码)
Verifying - Enter pass phrase for openssl.key: (确认输入输入密码)

生成证书

openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650  
[wyq@localhost ssl]$ openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650
Enter pass phrase for openssl.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:cn (国家)
State or Province Name (full name) []:hubei (省份)
Locality Name (eg, city) [Default City]:wuhan (城市)
Organization Name (eg, company) [Default Company Ltd]:aa (公司)
Organizational Unit Name (eg, section) []:it (部门)
Common Name (eg, your name or your server's hostname) []:wyq (名字)
Email Address []:562798392@qq.com (邮件地址)

不用密码的密钥

openssl rsa -in openssl.key -out openssl_nopass.key  
[wyq@localhost ssl]$ openssl rsa -in openssl.key -out openssl_nopass.key 
Enter pass phrase for openssl.key: (输入上面设定的密码)
writing RSA key

开启nginx的ssl

server{
    ....
    listen 443 ssl;
    ssl_certificate /home/wyq/ssl/openssl.crt;
    ssl_certificate_key /home/wyq/ssl/openssl_nopass.key;
    ....
}
访问https://localhost 出现"Welcome to nginx ...",好了,配置成功.
 
 

登录 *


loading captcha image...
(输入验证码)
or Ctrl+Enter