"[图片] 前几天申请了一个腾讯的 SSL 证书,打算弄在 solo 上面。 [图片] 然后开始配置旅程: 先决条件 nginx 得先安装 SSL 模块,我这个后来在装的,还得安装 openssl。 1. 登录服务器,使用 openssl 生成 RSA 密钥及证书 生成一个 RSA 秘钥: [root@blog_serv .."

solo 配置 ssl 证书加 https 访问

前几天申请了一个腾讯的 SSL 证书,打算弄在 solo 上面。 证书.png

然后开始配置旅程:

先决条件 nginx 得先安装 SSL 模块,我这个后来在装的,还得安装 openssl。

1. 登录服务器,使用 openssl 生成 RSA 密钥及证书

生成一个 RSA 秘钥:

[root@blog_server ~]# openssl genrsa -des3 -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key 1024

Generating RSA private key, 1024 bit long modulus
............................................++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
139677890316192:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:831:You must type in 4 to 1023 characters
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:

生成一个证书请求:

[root@blog_server ~]# openssl req -new -key /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/www.cjzshilong.cn.csr

Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Cuijianzhe     
Organizational Unit Name (eg, section) []:cuijianzhe 
Common Name (eg, your name or your server's hostname)[]:www.cjzshilong.cn
Email Address []:598941324@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@blog_server ~]# openssl rsa -in /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key 

Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
writing RSA key

颁发证书:

[root@blog_server ~]# openssl x509 -req -days 365 -in /usr/local/nginx/conf/www.cjzshilong.cn.csr -signkey /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/1_www.cjzshilong.cn_bundle.crt 

Signature ok
subject=/C=CN/ST=beijing/L=Beijing/O=Cuijianzhe /OU=cuijianzhe /CN=www.cjzshilong.cn/emailAddress=598941324@qq.com
Getting Private key
[root@blog_server ~]# 

2. 访问一下:

ssl.png

  • NGINX

    NGINX 是一个高性能的 HTTP 和反向代理服务器,也是一个 IMAP/POP3/SMTP 代理服务器。 NGINX 是由 Igor Sysoev 为俄罗斯访问量第二的 Rambler.ru 站点开发的,第一个公开版本 0.1.0 发布于 2004 年 10 月 4 日。

    194 引用 • 411 回帖 • 730 关注
感谢    关注    收藏    赞同    反对    举报    分享
回帖    
请输入回帖内容...