Nginx 配置生成自签证书

1.创建服务器证书密钥文件 server.key
[root@3-107 ~]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
........+++
.................................................................................................................+++
e is 65537 (0x010001)
Enter pass phrase for server.key: xxx
Verifying - Enter pass phrase for server.key:xxx


2.创建服务器证书的申请文件 server.csr
[root@3-107 ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:xxx        --输入上一步的密码
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.‘, the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN                  ← 国家代号，中国输入CN 
State or Province Name (full name) [Some-State]:TianJin          ← 省的全名，拼音
Locality Name (eg, city) []:TianJin                         ← 市的全名，拼
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Okay Airways   ← 公司英文名
Organizational Unit Name (eg, section) []:e-Enabling           ← 部门名称,可以不输入
Common Name (e.g. server FQDN or YOUR name) []:lsapl.okair.net        ← 公司域名
Email Address []:grpegspki@okair.net                             ← 公司邮箱名

Please enter the following ‘extra‘ attributes
to be sent with your certificate request
A challenge password []:                                   ← 可以不输入 
An optional company name []:                           ← 可以不输入 

#cp server.key server.key.bak

#openssl rsa -in server.key.bak -out server.key

#openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt    --3650表示十年有效期

#mkdir -p /etc/nginx/ssl
#cp server.crt /etc/nginx/ssl/      --复制公钥
#cp server.key /etc/nginx/ssl/      --复制私钥