An optional company name []: #一个可选的公司名称
#---------------------------------------------------------------------------------------------------------------
#输入完这些内容,就会在当前目录生成server.csr文件
cp server.key server.key.org
#对于使用上面的私钥启动具有SSL功能的NGINX
/usr/local/openssl/bin/openssl rsa -in server.key.org -out server.key
#---------------------------------
Enter pass phrase for server.key.org: zhoulf123
#---------------------------------
#使用上面的密钥和CSR对证书进行签名
/usr/local/openssl/bin/openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
修改nginx.conf文件,添加https配置内容:
#--------------------------------------------------------
# HTTPS server
server {
listen 443;
server_name localhost;
ssl on;
ssl_certificate /usr/local/nginx/ssl.ca.1way/server.crt;
ssl_certificate_key /usr/local/nginx/ssl.ca.1way/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
root /var/www/html;
index index.html index.htm;
}
}
#--------------------------------------------------------
#配置好后,重启nginx,采用 https打开网站,浏览器会提示证书错误,点击继续浏览即可
