openssl 证书

openssl

Mon 28 Dec 17:45:30 CST 2020

hflxhn.com

1. 创建服务器证书文件 server.key:

openssl genrsa -des3 -out server.key 2048

2. 创建服务器证书的申请文件 server.csr

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [XX]:cn # 国家代号
State or Province Name (full name) []:shanxi # 省
Locality Name (eg, city) [Default City]:xian # 市
Organization Name (eg, company) [Default Company Ltd]:mw # 公司名
Organizational Unit Name (eg, section) []: # 可以不输入
Common Name (eg, your name or your server‘s hostname) []:
Email Address []:hflxhn@163.com # 邮箱
A challenge password []: # 可以不输入
An optional company name []: # 可以不输入

3. 备份密钥文件

cp server.key server.key.back

4. 去除文件口令

openssl rsa -in server.key.back -out server.key

5. 生成证书文件

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# HTTPS server

server {
    listen       443 ssl;
    server_name  localhost;

    #ssl_certificate      cert.pem;
    #ssl_certificate_key  cert.key;
    ssl_certificate      ssl/server.crt;
    ssl_certificate_key  ssl/server.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
    proxy_set_header X-real-ip $remote_addr;
    proxy_pass http://v3.mainwill.com;
    }
}

openssl 证书

原文：https://www.cnblogs.com/yuhaipeng/p/14847775.html