环境:nginx-1.4.0、php-5.4.13、openssl-1.0.1e
LINK: nginx php fpm多实例配置 openssl构建CA认证
配置nginx.conf

# HTTPS server 
    server {
        listen                  443 ssl default_server;
        server_name             localhost;
        ssl                     on;
        ssl_certificate         /usr/local/nginx/conf/ssl/server.pem;
        ssl_certificate_key     /usr/local/nginx/conf/ssl/serverkey.pem;
        ssl_client_certificate  /usr/local/nginx/conf/ssl/cacert.pem;#       ssl_trusted_certificate /usr/local/nginx/demoCA/cacert.pem;
        ssl_crl                 /usr/local/nginx/conf/ssl/crl.pem;#       ssl_stapling            on;#       ssl_stapling_verify     on;#       ssl_stapling_responder http://192.168.11.132/;
        ssl_verify_client       optional_no_ca;
        ssl_session_cache       shared:SSL:10m;
        ssl_session_timeout     5m; 
        ssl_protocols           SSLv2 SSLv3 TLSv1;
        ssl_ciphers             HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        ssl_verify_depth        1; 
 
        root            /usr/local/nginx/html;
        index           index.php index.html;
        location ~ \.php$ {
            fastcgi_pass        127.0.0.1:9000;
            include             fastcgi.conf;
            fastcgi_index  index.php;
            expires             off;
        }
    }