參考 https://www.cnblogs.com/hnxxcxg/p/7610582.html
1、openssl 操作 -- 生成私鑰
# 生成rsa私鑰,des3算法,2048位強度,server.key是祕鑰文件名,需要輸入口令,123456即可
openssl genrsa -des3 -out server.key 1024
2、openssl 操作 -- 生成 csr
openssl req -new -key server.key -out server.csr
3、openssl 操作 -- 刪除私鑰中的密碼
openssl rsa -in server.key -out server.key
4、openssl 操作 -- 生成自簽名證書
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
5、nginx 配置
server {
listen 443 ssl;
server_name 192.168.147.130;
ssl_certificate /usr/local/nginx/cert/server.crt;
ssl_certificate_key /usr/local/nginx/cert/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
location /images/ {
root /home/resources/;
}
}