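Generating the certificate
Installing OpenSSL
Download the OpenSSL installer from the official website and click Next through the setup wizard.
Creating the certificate
Create a new folder, then open cmd in it.
Step 1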
D:\ssl>openssl genrsa -des3 -out server.key 2048
Enter PEM pass phrase: (enter a passphrase here)
Verifying - Enter PEM pass phrase: (enter the passphrase again)
Step 2
D:\ssl>openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: (passphrase)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn (country code)
State or Province Name (full name) [Some-State]:zj (province)
Locality Name (eg, city) []:hz (city)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test (organization)
Organizational Unit Name (eg, section) []:test (unit)
Common Name (e.g. server FQDN or YOUR name) []:as (a name of your choice)
Email Address []:123456@qq.com (email address)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (enter a password)
An optional company name []: (company name)
Step 3
D:\ssl>openssl rsa -in server.key -out server.key.unsecure
Enter pass phrase for server.key: (enter the passphrase)
writing RSA key
Step 4
D:\ssl>openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Enter pass phrase for server.key:
Certificate request self-signature ok
subject=C=cn, ST=zj, L=hz, O=test, OU=test, CN=as, emailAddress=544899306@qq.com
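Four files are generated in the end: server.key, server.csr, server.key.unsecure and server.crt.
Configuring nginx
The nginx configuration is as follows: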
server {
    listen 8083 ssl;
    server_name localhost;
    ssl_certificate /path/server.crt; # path to the self-signed certificate; change to your own path
    ssl_certificate_key /path/server.key.unsecure; # path to the private key; change to your own path
    #charset koi8-r;
    ssl_protocols TLSv1.2 TLSv1.3; # TLSv1 and TLSv1.1 are deprecated
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    #access_log logs/host.access.log main;
    location / {
        root html;
        index index.html index.htm;
    }
}
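Then open https://localhost:8083/ in a browser. Because the certificate is self-signed, the browser warns that the connection is not secure; choose to continue to the site.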
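
As an added example (not part of the original tutorial): the four steps above as one non-interactive POSIX shell script, followed by a check that server.crt and server.key.unsecure hold the same public key, since nginx will not start when the certificate and key disagree. It assumes openssl is on the PATH; PASS and SUBJ are constructed sample values, and it uses a 2048-bit key with AES-256 for the passphrase-protected copy.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
PASS='example-passphrase'                            # constructed sample passphrase
SUBJ='/C=CN/ST=zj/L=hz/O=test/OU=test/CN=localhost'  # constructed sample DN

# Steps 1-4 without prompts. Runs in a subshell so the umask stays local.
make_cert() (   # $1 = output directory
    umask 077   # key files readable by the owner only
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -passin "pass:$PASS" \
        -subj "$SUBJ" -out "$1/server.csr" &&
    openssl rsa -in "$1/server.key" -passin "pass:$PASS" \
        -out "$1/server.key.unsecure" 2>/dev/null &&
    openssl x509 -req -days 3650 -in "$1/server.csr" -signkey "$1/server.key" \
        -passin "pass:$PASS" -out "$1/server.crt" 2>/dev/null
)

# Succeeds only if the certificate and the key file carry the same public key,
# i.e. the pair that ssl_certificate and ssl_certificate_key point at is consistent.
cert_matches_key() {   # $1 = certificate, $2 = unencrypted private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes an encrypted key fail instead of prompting
    k=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints the size in bits of the public key inside certificate $1.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Usage: sh make-cert.sh <existing directory>
if [ "$#" -gt 0 ]; then
    make_cert "$1" && cert_matches_key "$1/server.crt" "$1/server.key.unsecure" &&
        echo "ok: $(key_bits "$1/server.crt")-bit key matches certificate"
fi
```

cert_matches_key can also be run on its own against existing files before reloading nginx.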