假设生成证书的目录为 /data/crt,生成操作完成后,/data/crt/下将会生成以下文件:
private.key server.crt server.csr server.key1、生成私钥
> openssl genrsa -des3 -out private.key 20482、生成证书请求
> openssl req -new -key private.key -out server.csr3、生成服务器的私钥,去除密钥口令
> openssl rsa -in private.key -out server.key4、使用私钥为证书请求签名,生成给服务器签署的证书,格式是x509的PEM格式
> sudo openssl x509 -req -in server.csr -out server.crt -signkey server.key -days 36505、nginx配置
server { listen 80; # http端口监听 listen 443; # https端口监听 server_name www.test.com; index index.html index.htm index.php; # ssl配置 ssl on; ssl_certificate /data/crt/server.crt; ssl_certificate_key /data/crt/server.key; location / { rewrite . /index.php last; } location = /index.php { include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /data/www/blog/index.php; fastcgi_param SCRIPT_NAME /data/www/blog/index.php; } }转载于:https://www.cnblogs.com/chenguoli/p/7845578.html
