使用openssl生成 https证书, 并在 nginx 中配置https
-
创建一个私钥
openssl genrsa -out server.key 2048 -
生成 CSR
Common Name 要输入域名
openssl req -new -key server.key -out server.csr -
删除私钥中的密码, 有利于自动化部署
openssl rsa -in server.key -out server.key -
生成自签名证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt -
生成 PEM 格式的证书
openssl x509 -in server.crt -out server.pem -outform PEM -
nginx 配置
server { listen 80; server_name baidu.com; # return 301 https://baidu.com; # return 301 https://$host$request_uri; rewrite ^(.*)$ https://baidu.com permanent; } server { listen 443 ssl; server_name baidu.com; keepalive_timeout 70; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5; ssl_certificate /home/bigdata/csr/server.pem; ssl_certificate_key /home/bigdata/csr/server.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location / { alias html/; index index.html; } }
标题:使用openssl生成 https证书, 并在 nginx 中配置https
作者:zytops
地址:https://zytops.com/articles/2025/08/18/1755499657186.html