前几天申请了一个腾讯的 SSL 证书,打算弄在 solo 上面。
然后开始配置旅程:
先决条件 nginx 得先安装 SSL 模块,我这个后来在装的,还得安装 openssl。
1. 登录服务器,使用 openssl 生成 RSA 密钥及证书
生成一个 RSA 秘钥:
[root@blog_server ~]# openssl genrsa -des3 -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key 1024 Generating RSA private key, 1024 bit long modulus ............................................++++++ .........++++++ e is 65537 (0x10001) Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key: Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key: 139677890316192:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:831:You must type in 4 to 1023 characters Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key: Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
生成一个证书请求:
[root@blog_server ~]# openssl req -new -key /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/www.cjzshilong.cn.csr Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:beijing Locality Name (eg, city) [Default City]:Beijing Organization Name (eg, company) [Default Company Ltd]:Cuijianzhe Organizational Unit Name (eg, section) []:cuijianzhe Common Name (eg, your name or your server's hostname) []:www.cjzshilong.cn Email Address []:598941324@qq.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
[root@blog_server ~]# openssl rsa -in /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key: writing RSA key
颁发证书:
[root@blog_server ~]# openssl x509 -req -days 365 -in /usr/local/nginx/conf/www.cjzshilong.cn.csr -signkey /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/1_www.cjzshilong.cn_bundle.crt Signature ok subject=/C=CN/ST=beijing/L=Beijing/O=Cuijianzhe /OU=cuijianzhe /CN=www.cjzshilong.cn/emailAddress=598941324@qq.com Getting Private key [root@blog_server ~]#
2.访问一下:
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于