Generating a Certificate with OpenSSL


Generation commands

Generate the private key for the root certificate

openssl genrsa -des3 -out server.key 2048

Create the certificate signing request file server.csr for the server certificate

openssl req -new -key server.key -out server.csr

Remove the passphrase from the key file. First copy server.key to server.key.org, then run:

openssl rsa -in server.key.org -out server.key

Create the server certificate (valid for ten years)

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
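
The four steps above as one non-interactive script, followed by checks that the key is no longer passphrase-protected, that the certificate and key belong together, that the certificate is self-signed, and that it is valid for the intended period. This is an added example, not part of the original page; the passphrase, the CN `localhost` passed to `-subj`, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: the four steps above run
# non-interactively, then checks on the files they produce.
set -eu

# make_cert DIR PASSPHRASE CN  (all three are constructed sample values)
# "pass:" puts the passphrase in the process list; outside a demo use
# openssl's "file:" or "env:" passphrase sources instead.
make_cert() (
  cd "$1"
  openssl genrsa -des3 -passout "pass:$2" -out server.key 2048     # step 1
  openssl req -new -key server.key -passin "pass:$2" \
    -subj "/CN=$3" -out server.csr                                 # step 2
  cp server.key server.key.org                                     # step 3
  openssl rsa -in server.key.org -passin "pass:$2" -out server.key
  chmod 600 server.key       # the key is now plaintext: owner-only
  openssl x509 -req -days 3650 -in server.csr \
    -signkey server.key -out server.crt                            # step 4
)

# True when the PEM file exists and carries no encryption marker.
key_is_plain() { [ -s "$1" ] && ! grep -q ENCRYPTED "$1"; }

# True when the certificate's public key equals the private key's.
cert_matches_key() {
  c=$(openssl x509 -in "$1" -noout -pubkey) &&
    k=$(openssl pkey -in "$2" -passin pass: -pubout) &&
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when subject and issuer are the same name (self-signed).
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate is still valid $2 days from now.
valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

demo() (
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
  make_cert "$d" constructed-demo-pass localhost
  key_is_plain "$d/server.key" && cert_matches_key "$d/server.crt" "$d/server.key" &&
    is_self_signed "$d/server.crt" && valid_for_days "$d/server.crt" 3649 &&
    echo "server.key / server.crt: all checks passed"
)
demo
```

Under Git Bash on Windows, set `MSYS_NO_PATHCONV=1` before running so that the `-subj "/CN=..."` argument is not rewritten as a file path.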

nginx configuration example

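server {
    listen 443 ssl;
    server_name localhost;

    # Certificate and passphrase-free private key produced by the commands above.
    # nginx on Windows expects forward slashes in paths.
    ssl_certificate     D:/nginx-1.23.2/ssl/server.crt;
    ssl_certificate_key D:/nginx-1.23.2/ssl/server.key;

    ssl_session_cache   shared:SSL:1m;
    ssl_session_timeout 5m;

    # SSLv2 and SSLv3 are broken protocols and must not be enabled; allow TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root D:/workspace/project;
    }
}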