標籤:
1.查看是否已經安裝 ssl 組件
[[email protected] wwwlogs]# cd /usr/local/nginx/sbin/[[email protected] sbin]# ./nginx -Vnginx version: nginx/1.0.15built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52)TLS SNI support disabledconfigure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6如果已經有了 http_ssl_module 則表示已經安裝.若沒有, 則要重新編譯一安裝 nginx 2.產生 key[[email protected] sbin]# cd /usr/local/nginx/conf/[[email protected] conf]# openssl genrsa -des3 -out server.key 1024Generating RSA private key, 1024 bit long modulus.......++++++..........................................++++++e is 65537 (0x10001)Enter pass phrase for server.key:abcdVerifying - Enter pass phrase for server.key:abcd 3.產生認證[[email protected] conf]# openssl req -new -key server.key -out server.csrEnter pass phrase for server.key:abcdYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.‘, the field will be left blank.-----Country Name (2 letter code) [GB]:CNState or Province Name (full name) [Berkshire]:beijingLocality Name (eg, city) [Newbury]:chaoyangOrganization Name (eg, company) [My Company Ltd]:testOrganizational Unit Name (eg, section) []:webCommon Name (eg, your name or your server‘s hostname) []:sunyuEmail Address []:[email protected] Please enter the following ‘extra‘ attributesto be sent with your certificate requestA challenge password []:1qazxsw23edcAn optional company name []:testcomp [[email protected] conf]# cp server.key server.key.org[[email protected] conf]# openssl rsa -in server.key.org -out server.keyEnter pass phrase for server.key.org:abcdwriting RSA key[[email protected] conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -outserver.crtSignature oksubject=/C=CN/ST=beijing/L=chaoyang/O=easymobi/OU=web/CN=sunyu/[email protected]Getting Private key 4.配置 nginx在設定檔中加入:server{listen 443;server_name test.test.cn;index index.html index.htm index.php;root /home/wwwroot/vegtest/; ssl on;ssl_certificate /usr/local/nginx/conf/server.crt;ssl_certificate_key /usr/local/nginx/conf/server.key;}然後訪問 https://test.test.cn 即可看到效果.
centos nginx install openssl