zoukankan      html  css  js  c++  java

  • 【原创】大叔经验分享(103)自制https证书

    替换以下命令和配置中的your.domain为你的域名

    1 生成ca.key

    openssl genrsa -des3 -out ca.key 2048

    输入ca.key的密码,4位以上

    2 生成ca.crt

    openssl req -new -x509 -days 7305 -key ca.key -out ca.crt

    输入ca.key的密码
    填写:Common Name (eg, your name or your server's hostname) [] 为your.domain

    3 生成your.domain.pem

    openssl genrsa -des3 -out your.domain.pem 1024

    输入your.domain.pem的密码,4位以上

    4 生成your.domain.key

    openssl rsa -in your.domain.pem -out your.domain.key

    输入your.domain.pem的密码

    5 生成your.domain.csr

    openssl req -new -key your.domain.pem -out your.domain.csr

    输入your.domain.pem的密码
    填写:Common Name (eg, your name or your server's hostname) [] 为your.domain

    6 生成your.domain.crt

    openssl ca -policy policy_anything -days 1460 -cert ca.crt -keyfile ca.key -in your.domain.csr -out your.domain.crt

    输入ca.key的密码

    最后一步可能报错:

    /etc/pki/CA/index.txt: No such file or directory
    unable to open '/etc/pki/CA/index.txt'
    139707575097232:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/pki/CA/index.txt','r')
    139707575097232:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:

    解决方法:

    # touch /etc/pki/CA/index.txt

    7 nginx配置证书

    server {
    listen 443 ssl;
    server_name your.domain;

    ssl_certificate /etc/nginx/conf.d/ssl/your.domain.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/your.domain.key;
  • 相关阅读:
    ‘Host’ is not allowed to connect to this mysql server
    centos7安装mysql
    further configuration avilable 不见了
    Dynamic Web Module 3.0 requires Java 1.6 or newer
    hadoop启动 datanode的live node为0
    ssh远程访问失败 Centos7
    Linux 下的各种环境安装
    Centos7 安装 python2.7
    安装scala
    Centos7 安装 jdk 1.8
  • 原文地址:https://www.cnblogs.com/barneywill/p/12587964.html
Copyright © 2011-2022 走看看