发布网友 发布时间:2022-04-20 01:13
共4个回答
热心网友 时间:2022-04-14 08:14
1、创建SSL证书
1.1生产私钥,openssl genrsa -des3 -out xn2.lqb.com.key 2048。此命令将生成2048位的RSA私钥,使用DES3算法,私钥文件名可任意命名,在Nginx配置中指定文件路径即可,会提示设定私钥密码,请设置密码,并牢记。
[root@Monitorssl]#opensslgenrsa-des3-outxn2.lqb.com2048 GeneratingRSAprivatekey,2048bitlongmolus …………………………….+++ ……………………………………………….+++ eis65537(0x010001) Enterpassphraseforxn2.lqb.com: Verifying-Enterpassphraseforxn2.lqb.com:
1.2以上生产的key是有密码的,如果把密码去除,执行如下命令openssl rsa -in xn2.lqb.com -out xn2.lqb.com_nopwd.key
[root@Monitorssl]#ls xn2.lqb.com [root@Monitorssl]#opensslrsa-inxn2.lqb.com-outxn2.lqb.com_nopwd.key Enterpassphraseforxn2.lqb.com: writingRSAkey
1.3由已生产的私钥生成证书请求文件CSR。openssl rsa -in xn2.lqb.com -out xn2.lqb.com_nopwd.key
[root@Monitorssl]#opensslrsa-inxn2.lqb.com-outxn2.lqb.com_nopwd.key Enterpassphraseforxn2.lqb.com: writingRSAkey [root@Monitorssl]#opensslreq-new-keyxn2.lqb.com-outxn2.lqb.com.csr Enterpassphraseforxn2.lqb.com: Youareabouttobeaskedtoenterinformationthatwillbeincorporated intoyourcertificaterequest. WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN. Therearequiteafewfieldsbutyoucanleavesomeblank Forsomefieldstherewillbeadefaultvalue, Ifyouenter’.’,thefieldwillbeleftblank. —– CountryName(2lettercode)[AU]:CN StateorProvinceName(fullname)[Some-State]:shanghai LocalityName(eg,city)[]:shanghai OrganizationName(eg,company)[InternetWidgitsPtyLtd]:xn2.lqb.com OrganizationalUnitName(eg,section)[]:IT CommonName(e.g.serverFQDNorYOURname)[]:xn2.lqb.com EmailAddress[]:2223344@qq.com Pleaseenterthefollowing’extra’attributes tobesentwithyourcertificaterequest Achallengepassword[]: Anoptionalcompanyname[]: [root@Monitorssl]#ls xn2.lqb.comxn2.lqb.com.csrxn2.lqb.com_nopwd.key
1.4.证书请求文件CSR文件必须有CA的签名才能形成证书,可以将此CSR发给StartSSL(可免费)、verisign(一大笔钱)等地方由他来验证。也可以自己做CA,自己给自己颁发证书。创建一个自己签署的CA证书。openssl req -new -x509 -days 3650 -key xn2.lqb.com -out xn2.lqb.com.crt
[root@Monitorssl]#opensslreq-new-x509-days3650-keyxn2.lqb.com-outxn2.lqb.com.crt xn2.lqb.comxn2.lqb.com.csrxn2.lqb.com_nopwd.key [root@Monitorssl]#opensslreq-new-x509-days3650-keyxn2.lqb.com_nopwd.key-outxn2.lqb.com.crt Youareabouttobeaskedtoenterinformationthatwillbeincorporated intoyourcertificaterequest. WhatyouareabouttoenteriswhatiscalledaDistinguishedNameoraDN. Therearequiteafewfieldsbutyoucanleavesomeblank Forsomefieldstherewillbeadefaultvalue, Ifyouenter’.’,thefieldwillbeleftblank. —– CountryName(2lettercode)[AU]:CN StateorProvinceName(fullname)[Some-State]:Shanghai LocalityName(eg,city)[]:shanghai OrganizationName(eg,company)[InternetWidgitsPtyLtd]:lqb.com OrganizationalUnitName(eg,section)[]:IT CommonName(e.g.serverFQDNorYOURname)[]:xn2.lqb.com EmailAddress[]: [root@Monitorssl]#ls xn2.lqb.comxn2.lqb.com.crtxn2.lqb.com.csrxn2.lqb.com_nopwd.key
2、配置nginx虚拟主机文件
[root@Monitorssl]#vim../server.conf server{ listen80; server_namexn2.lqb.com; root/html/xn2; #rewrite^/(.*)$https:xn3.lqb.com/$1permanent; location/{ indexindex.html; #proxy_cachemycache; #proxy_cache_valid2003h; #proxy_cache_valid30130210m; #proxy_cache_validall1m; #proxy_cache_use_staleerrortimeouthttp_500http_502http_503; # #proxy_passhttp://192.168.180.9; #proxy_set_headerHost$host; #proxy_set_headerX-Real-IP$remote_addr; } location/images/ { indexindex.html; } } server{ listen*:443; server_namexn2.lqb.com; sslon;###位虚拟主机开启ssl支持 ssl_certificate/usr/local/nginx/conf/server/ssl/xn2.lqb.com.crt;###为虚拟主机指定签名证书文件 ssl_certificate_key/usr/local/nginx/conf/server/ssl/xn2.lqb.com_nopwd.key;###为虚拟主机指定私钥文件 ##ssl_session_timeout5m;####客户端能够重复使用存储在缓存中的会话参数时间 root/html/xn3; location/images/{ indexindex.html; } location/{ proxy_passhttp://192.168.180.23; proxy_set_headerHost$host; proxy_set_headerX-Real-IP$remote_addr; } }
热心网友 时间:2022-04-14 09:32
nginx代码方式安装需要专业技术人员完成,具体步骤
确定好需要配置SSL证书域名进入淘宝中找到Gworg获取nginx类型的SSL证书
根据公开技术文档配置SSL证书:网页链接
建议安装:使用宝塔或者wdpc完成搭建nginx环境,可视化安装SSL证书更快。
注意事项:服务器(云服务器)防火墙与安全规则需要设置允许443端口。
热心网友 时间:2022-04-14 11:07
首选你需要申请一张https证书,一个可以访问的网站,以及拥有IP的服务器管理权限,https证书需要付费购买,也可以去沃通申请免费https证书,然后安装下面方法部署:
打开 Nginx 安装目录下 conf 目录中的 nginx.conf 文件找到
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
将其修改为 :
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate sslkey/wosign.com.crt; (证书公钥)
ssl_certificate_key sslkey/wosign.com.key; (证书私钥)
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
保存退出,并重启 Nginx。
通过 https 方式访问您的站点,测试站点证书的安装配置
我的服务器用的是小鸟云的,很稳定,挺不错的。
热心网友 时间:2022-04-14 12:58
Nginx服务器部署ssl证书的指南网页链接,写得很详细。如果是在GDCA申请的SSL证书,他们可以免费帮安装。