1、判断是否有安装openssl
运行命令 operssl version
[root@localhost logs]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
2、安装operssl
运行命令
[root@localhost logs]# yum -y install operssl openssl-devel
3、查看nginx ssl 模块
./nginx -V
[root@localhost logs]# ./nginx -V
nginx version: nginx/1.17.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
configure arguments:
4、cd /nginx 加载ssl模块
[root@localhost nginx]# ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
make && make install
./nginx -V
[root@localhost nginx]# ./nginx -V
nginx version: nginx/1.18.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module
5、ssl 自制证书
1、openssl genrsa -des3 -out server.key 2048
输入4位以上key(请记住它)
2、openssl rsa -in server.key -out server.key
3、openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
4、openssl dhparam -out dhparam.pem 2048
[root@localhost ssl]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................+++
.......................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@localhost ssl]# openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=NingXia/L=YinChuan/O=ga/OU=ga/CN=111.51.70.155"
Enter pass phrase for server.key:
[root@localhost ssl]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
140076697241488:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:831:You must type in 4 to 1023 characters
Enter pass phrase for server.key:
writing RSA key
[root@localhost ssl]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=CN/ST=NingXia/L=YinChuan/O=ga/OU=ga/CN=111.51.70.155
Getting Private key
[root@localhost ssl]# openssl dhparam -out dhparam.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
..........+...............................................++*++*
评论区