zoukankan      html  css  js  c++  java

  • 基于nginx结合openssl实现https

    [root@localhost ~]#systemctl stop firewalld
    [root@localhost ~]#setenforce 0
    [root@localhost ~]#iptables -F
    [root@localhost ~]#yum -y install pcre zlib openssl openssl-devel pcre-devel zlib-devel
    [root@localhost ~]#cd /usr/local/nginx-1.16.0
    [root@localhost nginx-1.16.0]#./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module --with-http_ssl_module
    [root@localhost ~]#make && make install
    [root@localhost ~]#useradd -M -s /sbin/nologin nginx
    [root@localhost ~]#ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin
    [root@localhost ~]#nginx
    [root@localhost ~]# touch /etc/pki/CA/index.txt
    [root@localhost ~]# echo 01 > /etc/pki/CA/serial
    [root@localhost ~]# cd /etc/pki/CA/
    [root@localhost CA]# umask 066
    [root@localhost CA]# openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048
    [root@localhost ~]# openssl req -x509 -key /etc/pki/CA/private/cakey.pem -days 7300 -out /etc/pki/CA/cacert.pem
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:BJ
    Locality Name (eg, city) [Default City]:BJ
    Organization Name (eg, company) [Default Company Ltd]:WXYC
    Organizational Unit Name (eg, section) []:JSB
    Common Name (eg, your name or your server's hostname) []:a.com
    Email Address []:111111@sina.com

    [root@localhost ~]# mkdir key
    [root@localhost ~]# cd key/
    [root@localhost key]# umask 066
    [root@localhost key]# openssl genrsa -out service.key 2048
    [root@localhost key]# openssl req -new -key service.key -out service.csr
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:BJ
    Locality Name (eg, city) [Default City]:BJ
    Organization Name (eg, company) [Default Company Ltd]:WXYC
    Organizational Unit Name (eg, section) []:JSB
    Common Name (eg, your name or your server's hostname) []:a.com
    Email Address []:111111@sina.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

    [root@localhost key]# mkdir /etc/pki/CA/csr
    [root@localhost key]# mv service.csr /etc/pki/CA/csr
    [root@localhost key]# openssl ca -in /etc/pki/CA/csr/service.csr -out /etc/pki/CA/certs/service.crt -days 365
    Sign the certificate? [y/n]:y


    1 out of 1 certificate requests certified, commit? [y/n]y
  • 相关阅读:
    CTeX里面CTRL-Space和中文输入法的冲突问题解决
    用LaTeX画树形结构
    统计学howto
    Lights Out Game
    ubuntu下安装 Source insight
    github常用命令
    编程珠玑:第7章(初略估算)的阅读体会
    在windows上安装common lisp开发环境
    睡眠十律:程序员必看
    网络和服务器编程
  • 原文地址:https://www.cnblogs.com/lyqlyqlyq/p/11641737.html
Copyright © 2011-2022 走看看