D7-Nginx-SSL
1 準備SSL證書
- mkdir /usr/local/nginx/conf/ssl
- cd /usr/local/nginx/conf/ssl
//生成私鑰
//rsa私鑰(帶密碼),des3 算法, 1024 位強度
- openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......++++++
...................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: #password
Verifying - Enter pass phrase for server.key: #再次輸入
//生成證書請求文件
//提示輸入國家、省份、城市、域名信息等,重要的是email 一定要是你的域名後綴的,比如 [email protected] 並且能接受郵件!
- openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: #前面的密碼
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GZ
Locality Name (eg, city) [Newbury]:GZ
Organization Name (eg, company) [My Company Ltd]:YK
Organizational Unit Name (eg, section) []:YK
Common Name (eg, your name or your server's hostname) []:test.com
Email Address []:jonas@test.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
//生成私鑰(不含密碼)
- cp server.key server.key.org
- openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: #前面的密碼
writing RSA key
//生成證書
- openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=BJ/L=BJ/O=YK/OU=YK/CN=test.com/[email protected]
Getting Private key
2 配置 Nginx
- chmod -R 600 /usr/local/nginx/conf/ssl
- vim /usr/local/nginx/conf/vhosts/proxy.conf
- listen 443 ssl;
- server_name client.test.com;
- ssl_certificate ssl/server.crt;
- ssl_certificate_key ssl/server.key;
通過https://api.test.com訪問,看是否出現證書提示。