创建自签证书TLS
openssl req -newkey rsa:2048 -x509 -nodes -keyout test.com.key -new -out test.com.crt -subj /CN=test.com -reqexts SAN -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN] subjectAltName=DNS:test.com')) -sha256 -days 3650
查看自签证书信息
openssl x509 -in test.com.crt -noout -text
配置使用TLS证书
nginx配置内容如下:
server { listen 443; server_name test.com ; ssl on; ssl_certificate /etc/pki/tls/test.crt; ssl_certificate_key /etc/pki/tls/test.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Fix 'The Logjam Attack'. ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH; ssl_prefer_server_ciphers on; ...... ...... }