标签:https ssl
为域名 https.ssl.com 设置https 加密访问过程: 命令如下: #openssl genrsa -des3 -out https.ssl.com.key 1024 #openssl req -new -key https.ssl.com.key -out https.ssl.com.csr #openssl rsa -in https.ssl.com.key -out https.ssl.com_nopass.key #openssl -req -new -x509 -days 3650 -key https.ssl.com_nopass.key -out https.ssl.com.crt [root@ssl key]# openssl genrsa -des3 -out https.ssl.com.key 1024 Generating RSA private key, 1024 bit long modulus ........++++++ ............++++++ e is 65537 (0x10001) Enter pass phrase for https.ssl.com.key:输入密码 Verifying - Enter pass phrase for https.ssl.com.key:重复输入密码 [root@ssl key]# openssl req -new -key https.ssl.com.key -out https.ssl.com.csr Enter pass phrase for https.ssl.com.key:输入前面设置的密码 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]:https.ssl.com Organizational Unit Name (eg, section) []:https.ssl.com Common Name (eg, your name or your server‘s hostname) []:*.https.ssl.com Email Address []:https@ssl.net Please enter the following ‘extra‘ attributes to be sent with your certificate request A challenge password []:直接回车 An optional company name []:直接回车 [root@ssl key]# openssl rsa -in https.ssl.com.key -out https.ssl.com_nopass.key Enter pass phrase for https.ssl.com.key:输入密码 writing RSA key [root@ssl key]# openssl req -new -x509 -days 3650 -key https.ssl.com_nopass.key -out https.ssl.com.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.‘, the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:Shanghai Locality Name (eg, city) [Default City]:Shanghai Organization Name (eg, company) [Default Company Ltd]:https.ssl.com Organizational Unit Name (eg, section) []:https.ssl.com Common Name (eg, your name or your server‘s hostname) []:*.https.ssl.com Email Address []:https@ssl.net [root@ssl key]# 配置文件中 server { listen 80; listen 443; server_name https.ssl.com; ssl on; ssl_certificate ./https.ssl.com.crt; ssl_certificate_key ./https.ssl.com_nopass.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; index index.html index-test.php; .... } 既可以https访问此域名。。
本文出自 “好记性不如烂笔头” 博客,请务必保留此出处http://cobweb.blog.51cto.com/390607/1591521
标签:https ssl
原文地址:http://cobweb.blog.51cto.com/390607/1591521