国产探花免费观看_亚洲丰满少妇自慰呻吟_97日韩有码在线_资源在线日韩欧美_一区二区精品毛片,辰东完美世界有声小说,欢乐颂第一季,yy玄幻小说排行榜完本

首頁 > 網站 > Nginx > 正文

Nginx服務器的SSL證書配置以及對SSL的反向代理配置

2024-08-30 12:22:08
字體:
來源:轉載
供稿:網友
這篇文章主要介紹了Nginx服務器的SSL證書配置以及對SSL的反向代理配置方法,通常在開啟全站HTTPS時會用到,需要的朋友可以參考下

Nginx的SSL證書配置
1、使用openssl實現證書中心
由于是使用openssl架設私有證書中心,因此要保證以下字段在證書中心的證書、服務端證書、客戶端證書中都相同

Country Name State or Province Name Locality Name Organization Name Organizational Unit NameCountry Name State or Province Name Locality Name Organization Name Organizational Unit Name

 
編輯證書中心配置文件

vim /etc/pki/tls/openssl.cnf
[ CA_default ] dir    = /etc/pki/CA certs   = $dir/certs   # Where the issued certs are kept crl_dir   = $dir/crl    # Where the issued crl are kept database  = $dir/index.txt  # database index file. #unique_subject = no     # Set to 'no' to allow creation of # several ctificates with same subject. new_certs_dir = $dir/newcerts   # default place for new certs. certificate  = $dir/cacert.pem  # The CA certificate serial   = $dir/serial   # The current serial number crlnumber  = $dir/crlnumber  # the current crl number          # must be commented out to leave a V1 CRL crl    = $dir/crl.pem   # The current CRL private_key  = $dir/private/cakey.pem# The private key RANDFILE  = $dir/private/.rand # private random number file[ req_distinguished_name ] countryName      = Country Name(2 letter code) countryName_default    = CN countryName_min     = 2 countryName_max     = 2 stateOrProvinceName    = State or Province Name (full name) stateOrProvinceName_default  = FJ localityName     = Locality Name (eg, city) localityName_default   = FZ 0.organizationName    = Organization Name (eg, company) 0.organizationName_default  = zdz organizationalUnitName   = Organizational Unit Name (eg, section) organizationalUnitName_default = zdz

創建證書私鑰

cd /etc/pki/CA/private
 (umask 077;openssl genrsa -out cakey.pem 2048

)
生成自簽證書

cd /etc/pki/CA/ openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days=3655
2、創建服務器證書
mkdir /usr/local/nginx/ssl cd /usr/local/nginx/ssl
 (umask 077;openssl genrsa -out nginx.key 1024)
 openssl req -new -key nginx.key -out nginx.csr openssl ca -in nginx.csr -out nginx.crt -days=3650

3、創建客戶端瀏覽器證書

(umask 077;openssl genrsa -out client.key 1024)
 openssl req -new -key client.key -out client.csr openssl ca -in client.csr -out client.crt -days=3650

 將文本格式的證書轉換成可以導入瀏覽器的證書

 openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

4、配置nginx服務器驗證

vim /usr/local/nginx/conf/nginx.conf

發表評論 共有條評論
用戶名: 密碼:
驗證碼: 匿名發表
主站蜘蛛池模板: 华亭县| 钦州市| 定日县| 马尔康县| 图木舒克市| 漠河县| 虎林市| 哈密市| 茂名市| 横山县| 嘉义县| 铁岭县| 嘉荫县| 廉江市| 洪湖市| 监利县| 江山市| 游戏| 深泽县| 怀集县| 布尔津县| 留坝县| 台州市| 永川市| 安溪县| 冕宁县| 盐津县| 南和县| 桐柏县| 彰化县| 福建省| 哈巴河县| 宁国市| 邓州市| 平谷区| 会东县| 七台河市| 柞水县| 吉林市| 广东省| 易门县|