MENU

nginx生成自签SSL证书

生成ssl证书

mkdir /usr/local/nginx/conf/ssl
cd !$
# 新建目录

openssl genrsa -des3 -out tmp.key 1024
#  输入密码后,再次重复输入确认密码
openssl rsa -in tmp.key -out example.com.key
# 转换key,取消密码
openssl req -new -key example.com.key -out example.com.csr
# 创建csr证书

openssl x509 -req -days 365 -in example.com.csr -signkey example.com.key -out example.com.pem
# 创建pem文件

nginx配置

    listen 443 ssl;
    server_name api.example.com;
    # TLS 配置
    ssl_certificate   /usr/local/nginx/conf/ssl/example.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  5m;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    ssl_protocols        TLSv1.1 TLSv1.2;
    # http2
    listen       443 ssl http2;
    ssl_certificate     /usr/local/nginx/conf/ssl/example.com.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/example.com.key;

Tags: None
Archives QR Code
QR Code for this page
Tipping QR Code
Leave a Comment