1 准备SSL证书
01.mkdir /usr/local/nginx/conf/ssl 02.cd /usr/local/nginx/conf/ssl //生成私钥
//rsa私钥(带密码),des3 算法, 1024 位强度01.openssl genrsa -des3 -out server.key 1024 Generating RSA private key, 1024 bit long modulus
.......++++++ ...................++++++ e is 65537 (0x10001) Enter pass phrase for server.key: #password Verifying - Enter pass phrase for server.key: #再次输入//生成证书请求文件
//提示输入国家、省份、城市、域名信息等,重要的是email 一定要是你的域名后缀的,比如 并且能接受邮件!01.openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: #111111
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:CN State or Province Name (full name) [Berkshire]:BJ Locality Name (eg, city) [Newbury]:BJ Organization Name (eg, company) [My Company Ltd]:YK Organizational Unit Name (eg, section) []:YK Common Name (eg, your name or your server's hostname) []:test.com Email Address []:dongnan@test.comPlease enter the following 'extra' attributes
to be sent with your certificate request A challenge password []: An optional company name []://生成私钥(不含密码)
01.cp server.key server.key.org 02.openssl rsa -in server.key.org -out server.key Enter pass phrase for server.key.org: #111111
writing RSA key//生成证书
01.openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok
Getting Private key
2 配置 Nginx
chmod -R 600 /usr/local/nginx/conf/ssl
vim /usr/local/nginx/conf/vhosts/proxy.conf listen 443 ssl; server_name client.test.com; ssl_certificate ssl/server.crt; ssl_certificate_key ssl/server.key; nginx -t && nginx -s reload