使用openssl生成 https证书, 并在 nginx 中配置https

  |   0 评论   |   0 浏览
  1. 创建一个私钥

    openssl genrsa -out server.key 2048
    
  2. 生成 CSR

    Common Name 要输入域名

    openssl req -new -key server.key -out server.csr
    
  3. 删除私钥中的密码, 有利于自动化部署

    openssl rsa -in server.key -out server.key
    
  4. 生成自签名证书

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    
  5. 生成 PEM 格式的证书

    openssl x509 -in server.crt -out server.pem -outform PEM
    
  6. nginx 配置

    server {
        listen  80;
        server_name  baidu.com;
        # return  301  https://baidu.com;
        # return  301  https://$host$request_uri;
        rewrite  ^(.*)$  https://baidu.com  permanent;
    }
    
    server {
        listen  443 ssl;
        server_name  baidu.com;
        keepalive_timeout  70;
    
        ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers  AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
        ssl_certificate  /home/bigdata/csr/server.pem;
        ssl_certificate_key  /home/bigdata/csr/server.key;
        ssl_session_cache  shared:SSL:10m;
        ssl_session_timeout  10m;
    
        location / {
            alias  html/;
            index  index.html;
        }
    }
    

标题:使用openssl生成 https证书, 并在 nginx 中配置https
作者:zytops
地址:https://zytops.com/articles/2025/08/18/1755499657186.html