Enabling HTTPS site access: applying for a website SSL certificate

1. Apply for an SSL certificate using the following openssl commands
<1> Generate an RSA key and set its passphrase to auga@*(

[root@localhost /]# openssl genrsa -des3 -out service.auga.cn.key 2048    # a 2048-bit key is generated because the certificate authority requires it
Generating RSA private key, 2048 bit long modulus
...........................................................+++
....................................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for service.auga.cn.key: (enter the passphrase)
Verifying - Enter pass phrase for service.auga.cn.key: (enter the passphrase again)

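<2> Create a copy of the key file that does not require a passphrase (this copy is unencrypted, so keep it readable only by root)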

[root@localhost /]# openssl rsa -in service.auga.cn.key -out service.auga.cn.nopass.key
Enter pass phrase for service.auga.cn.key: (enter the key passphrase)
writing RSA key

<3> Generate a certificate signing request (CSR)

[root@localhost /]# openssl req -new -key service.auga.cn.key -out service.auga.cn.csr
Enter pass phrase for service.auga.cn.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN (country: China)
State or Province Name (full name) [Berkshire]:Beijing (province: Beijing)
Locality Name (eg, city) [Newbury]:Beijing (city: Beijing)
Organization Name (eg, company) [My Company Ltd]:cbsi china (organization name: cbsi china)
Organizational Unit Name (eg, section) []:auga (organizational unit: 狐狸运维网)
Common Name (eg, your name or your server's hostname) []:service.auga.cn (domain name: service.auga.cn)
Email Address []:admin@auga.cn (email: zhoujian@auga.cn)
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (just press Enter)
An optional company name []: (just press Enter)

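<4> Send the contents of the generated service.auga.cn.csr file to the certificate authority.
<5> Merge the SSL certificate issued by the certificate authority and the DomainSSL intermediate certificate into a single file, and name it service.auga.cn.crt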
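
Added example (not part of the original article): a check to run before the files from steps <1> to <5> are loaded into nginx, confirming that the key, the CSR and the first certificate in the merged .crt file all carry the same public key. nginx expects the server certificate to come before the intermediate certificate in the merged file, so a wrong merge order shows up here as a mismatch. The function names and the throwaway sample files (a self-signed certificate standing in for the CA-issued one) are constructed for illustration.

```bash
# Added example: verify key / CSR / certificate consistency before deploying to nginx.

# Print the SHA-256 of the public key inside a key, CSR or certificate file.
pubkey_fp() {  # usage: pubkey_fp key|csr|crt FILE
  local pem
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || pem="" ;;   # use the no-passphrase copy
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || pem="" ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || pem="" ;;  # first cert in FILE only
    *)   return 2 ;;
  esac
  [ -n "$pem" ] || return 1   # an unreadable file must never count as a match
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if KEY, CSR and the first certificate in CRT share one public key.
check_match() {  # usage: check_match KEY CSR CRT
  local k r c
  k=$(pubkey_fp key "$1") || return 1
  r=$(pubkey_fp csr "$2") || return 1
  c=$(pubkey_fp crt "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample material: throwaway key, CSR and a self-signed certificate
# standing in for a CA-issued one (the CN is a placeholder).
make_sample() {  # usage: make_sample DIR NAME
  openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/$2.key" -subj "/CN=$2.example" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 -out "$1/$2.crt" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) || return 1
  make_sample "$d" site && make_sample "$d" intermediate || return 1
  cat "$d/site.crt" "$d/intermediate.crt" > "$d/merged.crt"    # server certificate first
  cat "$d/intermediate.crt" "$d/site.crt" > "$d/swapped.crt"   # wrong order
  for f in merged swapped; do
    if check_match "$d/site.key" "$d/site.csr" "$d/$f.crt"
    then echo "$f.crt: matches site.key"
    else echo "$f.crt: does NOT match site.key"
    fi
  done
  rm -rf "$d"
}
demo
```

With the files from this article the call would be: check_match service.auga.cn.nopass.key service.auga.cn.csr service.auga.cn.crt
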
2. Edit the configuration file nginx.conf to add HTTPS to the site, then restart NGINX
(only the important parts are shown)

server
  {
    listen       443;    # HTTPS port
    server_name  service.auga.cn;
    index index.html index.htm index.php;
    root  /export/home/cms/www/service.auga.cn;
    ssl on;    # enable SSL; deprecated since nginx 1.15.0 in favour of "listen 443 ssl;"
    ssl_certificate /usr/local/nginx/key/service.auga.cn.crt;    # load the SSL certificate file
    ssl_certificate_key /usr/local/nginx/key/service.auga.cn.nopass.key;    # load the SSL certificate key file
    include ipfoward.conf;
    #limit_conn   crawler  20;
  }

At this point, deployment of the SSL certificate for service.auga.cn is complete.
