zoukankan      html  css  js  c++  java
  • 【原创】大叔经验分享(103)自制https证书

    替换以下命令和配置中的your.domain为你的域名

    1 生成ca.key

    openssl genrsa -des3 -out ca.key 2048

    输入ca.key的密码,4位以上

    2 生成ca.crt

    openssl req -new -x509 -days 7305 -key ca.key -out ca.crt

    输入ca.key的密码
    填写:Common Name (eg, your name or your server's hostname) [] 为your.domain

    3 生成your.domain.pem

    openssl genrsa -des3 -out your.domain.pem 1024

    输入your.domain.pem的密码,4位以上

    4 生成your.domain.key

    openssl rsa -in your.domain.pem -out your.domain.key

    输入your.domain.pem的密码

    5 生成your.domain.csr

    openssl req -new -key your.domain.pem -out your.domain.csr

    输入your.domain.pem的密码
    填写:Common Name (eg, your name or your server's hostname) [] 为your.domain

    6 生成your.domain.crt

    openssl ca -policy policy_anything -days 1460 -cert ca.crt -keyfile ca.key -in your.domain.csr -out your.domain.crt

    输入ca.key的密码

    最后一步可能报错:

    /etc/pki/CA/index.txt: No such file or directory
    unable to open '/etc/pki/CA/index.txt'
    139707575097232:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/etc/pki/CA/index.txt','r')
    139707575097232:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:

    解决方法:

    # touch /etc/pki/CA/index.txt

    7 nginx配置证书

    server {
    listen 443 ssl;
    server_name your.domain;

    ssl_certificate /etc/nginx/conf.d/ssl/your.domain.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/your.domain.key;

  • 相关阅读:
    云服务器数据库连接(初始密码)
    springboot打jar包正常无法访问页面
    JAVA项目启动正常,无法访问
    vs快捷键大全(转)
    Effective C#(3)
    单元测试之道C#版(1)
    单元测试之道C#版(2)
    从零开始复习股票知识
    A new languageGo
    单元测试之道C#版(3)
  • 原文地址:https://www.cnblogs.com/barneywill/p/12587964.html
Copyright © 2011-2022 走看看