Nginx+Https自己敲命令生成证书

一、准备

  环境:centos6.8

  nginx:1.13.6

二、开始

  首先安装依赖包:

   yum install -y gcc gcc-c++ autoconf automake make zlib zlib-devel openssl openssl-devel pcre pcre-devel

  开始安装

  tar -xf nginx-1.13.6.tar.gz

  cd nginx-1.13.6

  ./configure --prefix=/usr/local/nginx --with-pcre --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module

  make && make install

三、配置https签名证书

创建https证书存放目录:mkdir cert

  创建私钥:openssl genrsa -des3 -out https.key 1024

  创建签名请求证书:openssl req -new -key https.key -out https.csr

  在加载SSL支持的Nginx并使用上述私钥时除去必须的口令:

cp https.key https.key.org

openssl rsa -in https.key.org -out https.key

最后标记证书使用上述私钥和CSR和有效期:openssl x509 -req -days 365 -in https.csr -signkey https.key -out https.crt

四、配置nginx的https

配置vim nginx.conf

server {

    listen       443 ssl;

    server_name  192.168.2.90;

    ssl_certificate      /usr/local/nginx/cert/https.crt;

    ssl_certificate_key  /usr/local/nginx/cert/https.key;

# ssl_session_cache shared:SSL:1m;

    ssl_session_timeout  5m;

# ssl_ciphers HIGH:!aNULL:!MD5;

#    ssl_prefer_server_ciphers  on;

location / {

                 root   html;

        index  index.html index.htm;

    }

}

五、完成

启动nginx :/usr/local/nginx/sbin/nginx

有问题改配置后平滑重启nginx:/usr/local/nginx/sbin/nginx -s reload

用浏览器访问:https://ip

注意:自己创建的证书浏览器会提示危险,选择通过就可以了。

你可能感兴趣的:(java,linux)