Setting Up an HTTPS Server with Nginx (2)

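1.3 Generate a certificate signing request (CSR) file from the private key created earlier. The first command below, openssl rsa -in xn2.lqb.com -out xn2.lqb.com_nopwd.key, writes a passphrase-free copy of the key; openssl req -new then creates the CSR.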
[root@Monitor ssl]# openssl rsa -in xn2.lqb.com -out xn2.lqb.com_nopwd.key
Enter pass phrase for xn2.lqb.com:
writing RSA key
[root@Monitor ssl]# openssl req -new -key xn2.lqb.com -out xn2.lqb.com.csr
Enter pass phrase for xn2.lqb.com:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:shanghai
Locality Name (eg, city) []:shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:xn2.lqb.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:xn2.lqb.com
Email Address []:2223344@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@Monitor ssl]# ls
xn2.lqb.com  xn2.lqb.com.csr  xn2.lqb.com_nopwd.key

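1.4. A CSR file must be signed by a CA before it becomes a certificate. You can send this CSR to StartSSL (can be free), VeriSign (a lot of money) or a similar provider to have it validated. You can also act as your own CA and issue the certificate to yourself. Create a self-signed CA certificate: openssl req -new -x509 -days 3650 -key xn2.lqb.com -out xn2.lqb.com.crt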
[root@Monitor ssl]# openssl req -new -x509 -days 3650 -key xn2.lqb.com -out xn2.lqb.com.crt     
xn2.lqb.com            xn2.lqb.com.csr        xn2.lqb.com_nopwd.key 
[root@Monitor ssl]# openssl req -new -x509 -days 3650 -key xn2.lqb.com_nopwd.key -out xn2.lqb.com.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai 
Locality Name (eg, city) []:shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:lqb.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:xn2.lqb.com
Email Address []:
[root@Monitor ssl]# ls
xn2.lqb.com  xn2.lqb.com.crt  xn2.lqb.com.csr  xn2.lqb.com_nopwd.key
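
Steps 1.3 and 1.4 can be scripted and the resulting files checked before nginx is pointed at them. The script below is an added example, not part of the original article: it reuses the article's file names in a temporary directory, and the passphrase and -subj string are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. File names follow the page;
# PASS, the -subj string and the temporary directory are constructed.
PASS='pass:example-only'   # constructed passphrase for the demo key
SUBJ='/C=CN/ST=Shanghai/L=shanghai/O=lqb.com/OU=IT/CN=xn2.lqb.com'

# Steps 1.3-1.4 without prompts, run inside directory $1.
build_pair() (
  cd "$1" || exit 1
  umask 077   # files created here are readable by the owner only
  openssl genrsa -aes256 -passout "$PASS" -out xn2.lqb.com 2048 2>/dev/null &&
  openssl rsa -in xn2.lqb.com -passin "$PASS" \
    -out xn2.lqb.com_nopwd.key 2>/dev/null &&
  openssl req -new -key xn2.lqb.com -passin "$PASS" -subj "$SUBJ" \
    -out xn2.lqb.com.csr &&
  openssl req -new -x509 -days 3650 -key xn2.lqb.com_nopwd.key \
    -subj "$SUBJ" -out xn2.lqb.com.crt
)

# SHA-256 of the public key inside a key, CSR or certificate ($1 = kind).
# Fails instead of hashing empty input when the file cannot be parsed.
pubkey_fp() (
  case "$1" in
    key) pem=$(openssl rsa  -in "$2" -passin "$PASS" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   exit 2 ;;
  esac
  [ -n "$pem" ] || exit 1
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
)

# True only when certificate $1 and private key $2 hold the same public key.
cert_matches_key() (
  c=$(pubkey_fp crt "$1") && k=$(pubkey_fp key "$2") && [ "$c" = "$k" ]
)

# True when the key file grants nothing to group or other. The passphrase-free
# key that nginx loads is protected by file permissions alone.
key_is_private() {
  [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

dir=$(mktemp -d) && build_pair "$dir" || { echo "openssl failed" >&2; exit 1; }
cert_matches_key "$dir/xn2.lqb.com.crt" "$dir/xn2.lqb.com_nopwd.key" \
  && echo "certificate and key match"
key_is_private "$dir/xn2.lqb.com_nopwd.key" && echo "key is owner-only"
rm -rf "$dir"
```

nginx refuses to load a certificate and key that do not belong together, so running cert_matches_key on the two files named in ssl_certificate and ssl_certificate_key catches that before a reload.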

2. Check whether nginx was built with the SSL module
[root@Monitor ~]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.10.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-pcre --with-http_realip_module --with-http_image_filter_module --with-debug

3. Configure the nginx virtual host file
[root@Monitor ssl]#vim  ../server.conf
server {
    listen       80;
    server_name  xn2.lqb.com;
    root         /html/xn2;
    # rewrite ^/(.*)$ https://xn3.lqb.com/$1 permanent;

    location / {
        index index.html;
        # proxy_cache mycache;
        # proxy_cache_valid 200 3h;
        # proxy_cache_valid 301 302 10m;
        # proxy_cache_valid all 1m;
        # proxy_cache_use_stale error timeout http_500 http_502 http_503;
        #
        # proxy_pass ;
        # proxy_set_header Host       $host;
        # proxy_set_header X-Real-IP  $remote_addr;
    }

    location /images/ {
        index index.html;
    }
}

server {
    listen       *:443;
    server_name  xn2.lqb.com;
    ssl          on;    ### enable SSL support for this virtual host
    ssl_certificate      /usr/local/nginx/conf/server/ssl/xn2.lqb.com.crt;          ### signed certificate file for this virtual host
    ssl_certificate_key  /usr/local/nginx/conf/server/ssl/xn2.lqb.com_nopwd.key;    ### private key file for this virtual host
    # ssl_session_timeout  5m;    #### how long a client may reuse session parameters stored in the cache
    root  /html/xn3;

    location /images/ {
        index index.html;
    }

    location / {
        proxy_pass ;    # upstream URL is not given on the page
        proxy_set_header Host       $host;
        proxy_set_header X-Real-IP  $remote_addr;
    }
}

4. View the access result in a browser

Content copyright notice: unless otherwise noted, all articles are original to this site.

When reposting, cite the source: https://www.heiqu.com/8b013be2368877527e811a5e391c7efd.html