Home > Developer > Web Develop
openssl genrsa -des3 -out server.key 1024 #生成私钥(key),设置密码openssl req -new -key server.key -out server.csr # 生成requestcp server.key server.key.oriopenssl rsa -in server.key.ori -out server.key #去除私钥密码(否则启动nginx等也需要输入密码)openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt #自签名公钥
Nginx Configuration
Self-built CA, signature, one-way signature (unlimited client, authentication service side)server { listen 443; server_name www.abc.com; root /var/www/; autoindex on; ssl on; ssl_certificate /etc/nginx/sslkey/server.crt; ssl_certificate_key /etc/nginx/sslkey/server.key; #access_log /var/log/nginx/www.abc.com-access.log main; #error_log /var/log/nginx/www.abc.com-error.log warn;}
CAT/ETC/SSL/OPENSSL.CNF modifying Democa for OpenSSL working directory
Under Working directory
touch index.txt serialchmod 666 index.txt serialecho 01 > serialmkdir -p newcerts private
Ca
openssl genrsa -des3 -out ./private/ca.key 2048 #自建ca keyopenssl req -x509 -new -days 3650 -key ./private/ca.key -out ca.crt # ca信息与证书
Server
openssl genrsa -out ./server/server.key 1024openssl req -new -key ./server/server.key -out ./server/server.csropenssl ca -in ./server/server.csr -cert ./ca.crt -keyfile ./private/ca.key -out ./server/server.crt -days 3650 #用ca签名
[ii] unrelated directory, signature
OpenSSL x509-req-sha256-ca ca.crt-cakey ca.key-cacreateserial-in server.csr-out server.crt
OpenSSL HTTPS certificate
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
