一、通过openssl命令自建证书
1、创建私钥:
openssl genrsa -out server.key 1024
2、证书请求:
openssl req -new -out server.csr -key server.key
3、自签署证书:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
4、将证书变成浏览器支持的.p12格式
openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
二、Nginx 配置
server {
listen 443 ssl;
server_name test.com www.test.com;
ssl_certificate /root/server.crt;
ssl_certificate_key /root/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://www.test.com;
}
}
声明:本站所有文章和图片,如无特殊说明,均为原创发布,转载请注明出处。