nginx生成ssl证书

1、创建证书存放路径  

[root@nginx ~]# mkdir /home/nginx/ssl
[root@nginx ~]# cd /home/nginx/ssl

2、  生成根证书的私钥

[root@nginx ~]# openssl genrsa 1024 > /home/nginx/ssl/server.key
genrsa:产生rsa密钥命令 1024: 密钥的长度位数,默认为512

3、  生成证书签署请求,(创建服务器证书的申请文件server.csr)

>复制代码
[root@nginx nginx]# openssl req -new -key /home/nginx/ssl/server.key > /home/nginx/ssl/server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN    #国家名称
State or Province Name (full name) []:BJ  #州或省名称
Locality Name (eg, city) [Default City]:BJ    #城市
Organization Name (eg, company) [Default Company Ltd]:xiaoguaishou  #组织名称(例如,公司)
Organizational Unit Name (eg, section) []:OP      #组织单位名称(例如,部门)
Common Name (eg, your name or your server's hostname) []:127.0.0.1      #通用名称(例如,您的名称或服务器主机名)
Email Address []:xiaoguaishou@qq.com    #电子邮件地址

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:test@123    #密码
An optional company name []:xiaoguaishou    #可选公司名称
>复制代码

4、  创建服务器证书(有效期十年)

[root@nginx nginx]# openssl req -x509 -days 3650 -key /home/nginx/ssl/server.key -in /home/nginx/ssl/server.csr > /home/nginx/ssl/server.crt

5、查看生成的证书

[root@nginx ssl]# ls
server.crt server.csr server.key      #共生成3个文件

6、nginx配置证书

>复制代码
[root@nginx ]# vim /home/nginx/conf/nginx.conf

server {
listen 443 ssl;
server_name localhost;

ssl_certificate /home/nginx/ssl/server.crt;    #证书路径
ssl_certificate_key /home/nginx/ssl/server.key;  #证书路径

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root html;
index index.html index.htm;
}
}
>复制代码

7、重启nginx

[root@nginx nginx]# systemctl restart nginx.service

8、访问,测试 

浏览器:https://192.168.61.142