在任意路径下(例如/opt/nginx/crt/)执行以下命令,生成证书和key:
openssl genrsa -des3 -out openssl.key 1024
openssl req -new -x509 -key openssl.key -out openssl.crt -days 3650
openssl rsa -in openssl.key -out openssl_nopass.key
生成的证书:openssl.crt
证书的key:openssl_nopass.key
编辑nginx.conf
放开HTTPS server的一段注释,同时修改:
ssl_certificate、ssl_certificate_key为刚才生成的证书及key的路径:
ssl_certificate /opt/nginx/crt/openssl.crt;
ssl_certificate_key /opt/nginx/crt/openssl_nopass.key;
启动nginx,访问HTTPS端口(默认443)
nginx.conf中HTTPS相关配置示例:
server {
listen 443 ssl;
server_name xubuntu;
ssl_certificate /opt/nginx/crt/openssl.crt;
ssl_certificate_key /opt/nginx/crt/openssl_nopass.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
原文地址:http://artinfo.blog.51cto.com/10067034/1638374
