Binding a self-issued SSL certificate to nginx

post by rocdk890 / 2012-4-19 9:07 Thursday Linux technology
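1. Generate the SSL certificate with openssl
yum -y install openssl openssl-devel
openssl genrsa -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

openssl req then asks for the certificate fields, as in the capture below. Its first lines come from a run that generated a 1024-bit key into server.key; the commands above use the 2048-bit privkey.pem instead.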

Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...........................++++++
....................................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be 
incorporated into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:chengdu
Locality Name (eg, city) []:chengdu
Organization Name (eg, company) [Internet Widgits Ltd]:rocdk890
Organizational Unit Name (eg, section) []:rocdk890
Common Name (eg, YOUR name) []:www.slogra.com
Email Address []:rocdk@163.com

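Country Name (2 letter code)                 The country code in International Organization for Standardization (ISO) format, 2 letters. For China enter CN.
State or Province Name (full name)           Province, for example chengdu
Locality Name (eg, city)                     City, for example chengdu
Organization Name (eg, company)              Organization, for example the company name in pinyin
Organizational Unit Name (eg, section)       For example rocdk890
Common Name (eg, your websites domain name)  The address of the website that uses SSL encryption. Note that this does not simply mean your domain; it is the exact name of the site that uses SSL. A site is defined here as follows: slogra.com is one site, www.slogra.com is another site, and blog.slogra.com is yet another site.
Email Address                                Email address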

2. Confirm that nginx supports the OpenSSL module
--with-http_stub_status_module --with-http_ssl_module
If nginx has these two, that is enough; if not, recompile nginx yourself with them added.

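3. Modify the nginx configuration
    # Plain HTTP: send every request to the HTTPS site
    server {
        listen        80;
        server_name www.slogra.com;
        rewrite ^(.*) https://$server_name$1 permanent;
    }

    # HTTPS site using the certificate and key from step 1
    server {
        # "ssl on;" was removed in nginx 1.25.1; the ssl parameter of listen replaces it
        listen       443 ssl;
        ssl_certificate /etc/nginx/cacert.pem;
        ssl_certificate_key /etc/nginx/privkey.pem;
        server_name www.slogra.com;
        root /var/www/vhosts/wwwroot;
        index index.php index.html index.htm;
    }
This redirects port 80 to port 443, forcing the site to use SSL encryption.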

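4. Restart nginx and verify
service nginx reload
Enter http://www.slogra.com in the browser and it redirects to https://www.slogra.com on its own. That's it. A certificate made this way is not trusted, but it is fine for intranet use.
StartSSL is said to be free, but it is only free for one year, so it is not of much use.
Finally, here is a site that explains SSL certificate installation: http://www.myssl.cn/guide/ssl_lighttpd.asp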
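
An added example (not from the original post) of checks to run on the step 1 files before the reload in step 4: that the key and certificate belong together, that the certificate covers the site name, that it has not expired, and that the private key is not readable by other users. The function names are made up for this example, `-subj` answers the openssl req prompts non-interactively, and `-checkhost` assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes OpenSSL 1.0.2 or later (for -checkhost).

# SHA-256 of the public key inside a private key ($1=key) or a certificate ($1=cert).
pub_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair KEY CERT HOST: prints one line per failed check, returns the number failed.
check_pair() {
    key=$1 cert=$2 host=$3 fails=0
    k=$(pub_digest key "$key") && c=$(pub_digest cert "$cert") && [ "$k" = "$c" ] ||
        { echo "key and certificate do not belong together"; fails=$((fails + 1)); }
    # With no subjectAltName in the certificate, -checkhost compares against the Common Name.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match certificate' ||
        { echo "certificate does not cover $host"; fails=$((fails + 1)); }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired or is unreadable"; fails=$((fails + 1)); }
    [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "private key is accessible to group or others"; fails=$((fails + 1)); }
    return "$fails"
}

# Step 1 run non-interactively in directory $1 (constructed demo input; -subj answers the prompts).
make_demo_pair() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out privkey.pem 2048 2>/dev/null &&
      openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 \
          -subj "/C=CN/ST=chengdu/L=chengdu/O=rocdk890/OU=rocdk890/CN=www.slogra.com" 2>/dev/null )
}

# Typical use with the paths from step 3:
#   check_pair /etc/nginx/privkey.pem /etc/nginx/cacert.pem www.slogra.com && service nginx reload
```

Because the certificate from step 1 carries only a Common Name, the same pair fails the host check for blog.slogra.com or slogra.com, which is the per-site behaviour the field table describes.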
Original link: blog.slogra.com/post-177.html
