侧边栏壁纸
博主头像
liuxy博主等级

细水长流,吃穿不愁

  • 累计撰写 39 篇文章
  • 累计创建 30 个标签
  • 累计收到 6 条评论

目 录CONTENT

文章目录

Nginx 配置https 自制签名

liuxy
2021-12-30 / 0 评论 / 5 点赞 / 950 阅读 / 419 字 / 正在检测是否收录...
温馨提示:
本文最后更新于 2022-08-23,若内容或图片失效,请留言反馈。部分素材来自网络,若不小心影响到您的利益,请联系我们删除。

1、判断是否有安装openssl

运行命令 operssl version

[root@localhost logs]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

2、安装operssl

运行命令

[root@localhost logs]# yum -y install operssl openssl-devel

3、查看nginx ssl 模块

./nginx -V
[root@localhost logs]# ./nginx -V
nginx version: nginx/1.17.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
configure arguments:

4、cd /nginx 加载ssl模块

[root@localhost nginx]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
./nginx -V
[root@localhost nginx]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) 
built with OpenSSL 1.0.2k-fips  26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module

5、ssl 自制证书

1、openssl genrsa -des3 -out server.key 2048
输入4位以上key(请记住它)
2、openssl rsa -in server.key -out server.key
3、openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
4、openssl dhparam -out dhparam.pem 2048 
[root@localhost ssl]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................+++
.......................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@localhost ssl]# openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=NingXia/L=YinChuan/O=ga/OU=ga/CN=111.51.70.155"
Enter pass phrase for server.key:

[root@localhost ssl]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
140076697241488:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:831:You must type in 4 to 1023 characters
Enter pass phrase for server.key:
writing RSA key

[root@localhost ssl]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=NingXia/L=YinChuan/O=ga/OU=ga/CN=111.51.70.155
Getting Private key

[root@localhost ssl]# openssl dhparam -out dhparam.pem 2048 
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........+...............................................++*++*
5
广告 广告

评论区