nginx _ssl

cd /etc/pki/CA/

创建私钥：(umask 077; openssl genrsa -out private/cakey.pem 2018)
自签证书： openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3600

创建两个所需的文件： touch index.txt echo 01 > serial

为nginx 自己创建 证书
cd /etc/nginx/ mkdir ssl cd ssl

创建私钥：(umask 077; openssl genrsa -out nginx.key 1024)

自签证书 ：openssl req -new -key nginx.key -out nginx.csr

CA签署：openssl ca -in nginx.csr -out nginx.crt -days 3655

server {

listen       443 ssl;
server_name  www.magedu.com;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout  10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root /vhosts/web1;
index index.html index.htm;
}

}