前几天申请了一个腾讯的 SSL 证书,打算弄在 solo 上面。
然后开始配置旅程:
先决条件 nginx 得先安装 SSL 模块,我这个后来在装的,还得安装 openssl。
1. 登录服务器,使用 openssl 生成 RSA 密钥及证书
生成一个 RSA 秘钥:
[root@blog_server ~]# openssl genrsa -des3 -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key 1024
Generating RSA private key, 1024 bit long modulus
............................................++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
139677890316192:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:831:You must type in 4 to 1023 characters
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
Verifying - Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
生成一个证书请求:
[root@blog_server ~]# openssl req -new -key /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/www.cjzshilong.cn.csr
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:Cuijianzhe
Organizational Unit Name (eg, section) []:cuijianzhe
Common Name (eg, your name or your server's hostname) []:www.cjzshilong.cn
Email Address []:598941324@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@blog_server ~]# openssl rsa -in /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/2_www.cjzshilong.cn.key
Enter pass phrase for /usr/local/nginx/conf/2_www.cjzshilong.cn.key:
writing RSA key
颁发证书:
[root@blog_server ~]# openssl x509 -req -days 365 -in /usr/local/nginx/conf/www.cjzshilong.cn.csr -signkey /usr/local/nginx/conf/2_www.cjzshilong.cn.key -out /usr/local/nginx/conf/1_www.cjzshilong.cn_bundle.crt
Signature ok
subject=/C=CN/ST=beijing/L=Beijing/O=Cuijianzhe /OU=cuijianzhe /CN=www.cjzshilong.cn/emailAddress=598941324@qq.com
Getting Private key
[root@blog_server ~]#
2.访问一下:
欢迎来到这里!
我们正在构建一个小众社区,大家在这里相互信任,以平等 • 自由 • 奔放的价值观进行分享交流。最终,希望大家能够找到与自己志同道合的伙伴,共同成长。
注册 关于