本文已参与「新人创作礼」活动,一起开启掘金创作之路。
使用工具
- 使用git的命令行工具或者
cmder - 注意使用
cmd命令行是不行的,cmd命令行并不能识别openssl命令
openssl genrsa 命令介绍
openssl genrsa 命令是会用来生成 RSA 私有秘钥,不会生成公钥,因为公钥提取自私钥。生成时是可以指定私钥长度和密码保护。
如果需要查看公钥或生成公钥,可以使用 openssl rsa 命令。
创建私钥
生成秘钥是生成证书的前提
生成长度为 1024 的秘钥
$ openssl genrsa -out certificate.key 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
...+++++
...............................................+++++
e is 65537 (0x010001)
创建证书请求
需要输入一些列信息,最重要的是Common Name表示要使用https访问的域名
$ openssl req -new -out certificate.csr -key certificate.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:ShanDong
Locality Name (eg, city) []:QingDao
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:chisheng.xin
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:
签署服务器证书
$ openssl x509 -req -in certificate.csr -out certificate.pem -signkey certificate.key -days 3650
Signature ok
subject=C = CN, ST = ShanDong, L = QingDao, O = Internet Widgits Pty Ltd, CN = chisheng.xin
Getting Private key
配置Nginx
我这里使用的是PHPstudy配置文件
server {
listen 443 ssl;
ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.pem;
ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name chisheng.xin;
root "D:/phpstudy_pro/WWW/chisheng.xin";
location / {
index index.php index.html error/index.html;
error_page 400 /error/400.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 500 /error/500.html;
error_page 501 /error/501.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
error_page 504 /error/504.html;
error_page 505 /error/505.html;
error_page 506 /error/506.html;
error_page 507 /error/507.html;
error_page 509 /error/509.html;
error_page 510 /error/510.html;
include D:/phpstudy_pro/WWW/chisheng.xin/nginx.htaccess;
autoindex off;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9004;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}
然后重启Nginx
