Assume the certificate is generated in the directory /data/crt. Once the steps below are complete, /data/crt/ will contain the following files:
private.key
server.crt
server.csr
server.key
1. Generate the private key (-des3 encrypts it with a passphrase)
> openssl genrsa -des3 -out private.key 2048
2. Generate the certificate signing request
> openssl req -new -key private.key -out server.csr
3. Generate the server's private key by removing the passphrase from the key
> openssl rsa -in private.key -out server.key
4. Sign the certificate request with the private key to produce the server's (self-signed) certificate, in X.509 PEM format
> sudo openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 3650
5. nginx configuration
server {
    listen 80;       # HTTP port
    listen 443 ssl;  # HTTPS port
    server_name www.test.com;
    index index.html index.htm index.php;
    # SSL configuration
    # TLS is enabled per listener with the ssl parameter above,
    # so plain HTTP on port 80 keeps working.
    ssl_certificate /data/crt/server.crt;
    ssl_certificate_key /data/crt/server.key;
    location / {
        rewrite . /index.php last;
    }
    location = /index.php {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME /data/www/blog/index.php;
        fastcgi_param SCRIPT_NAME /data/www/blog/index.php;
    }
}
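Steps 1 through 4 as one non-interactive script, followed by the checks worth running before nginx loads the files (an added example, not part of the original page). The function names, the KEY_PASS environment variable that holds the passphrase, and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage (KEY_PASS must be exported first):
#   make_selfsigned /data/crt www.test.com && check_pair /data/crt

make_selfsigned() {   # make_selfsigned <dir> <common-name>
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    # The passphrase is read from the environment (env:) so it does not
    # show up in the process list the way a pass:... argument would.
    openssl genrsa -des3 -passout env:KEY_PASS \
        -out "$dir/private.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$dir/private.key" -passin env:KEY_PASS \
        -subj "/CN=$cn" -out "$dir/server.csr" || return 1
    # server.key has no passphrase, so create it owner-only.
    ( umask 077
      openssl rsa -in "$dir/private.key" -passin env:KEY_PASS \
          -out "$dir/server.key" 2>/dev/null ) || return 1
    chmod 600 "$dir/server.key" || return 1
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days 3650 -out "$dir/server.crt" 2>/dev/null || return 1
}

check_pair() {   # check_pair <dir>; prints "ok" and returns 0 if all checks pass
    dir=$1
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    # 1. The certificate and the key nginx will load belong together.
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch"; return 1; }
    # 2. server.key is unencrypted, so nginx can start unattended.
    if grep -q ENCRYPTED "$dir/server.key"; then
        echo "server.key still encrypted"; return 1
    fi
    # 3. No group/other permission bits on the unprotected key.
    [ "$(ls -l "$dir/server.key" | cut -c5-10)" = "------" ] ||
        { echo "server.key readable by group/other"; return 1; }
    # 4. The certificate has not expired.
    openssl x509 -in "$dir/server.crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}
```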