无情 @ Sun Oct 12 22:20:32 CST 2014 Views (1631)
ssl nginx


1. Check whether the SSL module is already installed

[root@localhost wwwlogs]# cd /usr/local/nginx/sbin/

[root@localhost sbin]# ./nginx -V

nginx version: nginx/1.0.15

built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52)

TLS SNI support disabled

configure arguments: --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module --with-ipv6

If http_ssl_module appears in the configure arguments, the module is already installed. If it does not, nginx has to be recompiled and reinstalled.


2. Generate the key

[root@localhost sbin]# cd /usr/local/nginx/conf/

[root@localhost conf]# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

.......++++++

..........................................++++++

e is 65537 (0x10001)

Enter pass phrase for server.key:abcd

Verifying - Enter pass phrase for server.key:abcd

3. Generate the certificate

[root@localhost conf]# openssl req -new -key server.key -out server.csr

Enter pass phrase for server.key:abcd

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:beijing

Locality Name (eg, city) [Newbury]:chaoyang

Organization Name (eg, company) [My Company Ltd]:test

Organizational Unit Name (eg, section) []:web

Common Name (eg, your name or your server's hostname) []:sunyu

Email Address []:sunyu@test.cn

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:1qazxsw23edc

An optional company name []:testcomp

[root@localhost conf]# cp server.key server.key.org

[root@localhost conf]# openssl rsa -in server.key.org -out server.key

Enter pass phrase for server.key.org:abcd

writing RSA key

[root@localhost conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CN/ST=beijing/L=chaoyang/O=easymobi/OU=web/CN=sunyu/emailAddress=sunyu@easymobi.cn

Getting Private key

4. Configure nginx

Add the following to the configuration file:

server
{
    listen       443;
    server_name test.test.cn;
    index index.html index.htm index.php;
    root  /home/wwwroot/vegtest/;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/server.crt;
    ssl_certificate_key /usr/local/nginx/conf/server.key;
}
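
Steps 2 and 3 as a non-interactive script, added here as an example and not the original author's commands. It assumes a 2048-bit key instead of the 1024-bit one generated above, reuses the test.test.cn hostname from step 4 as the Common Name, and uses hypothetical function names; it also checks that the key and certificate belong together and reports the key size.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: 2048-bit RSA key,
# no pass phrase on the key (the post strips it anyway so nginx can start
# unattended), and hypothetical function names.

# make_selfsigned DIR CN: write DIR/server.key, server.csr and server.crt.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_selfsigned() (
    dir=$1; cn=$2
    umask 077    # private key readable by its owner only
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null || exit 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || exit 1
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
)

# rsa_modulus KIND FILE: print the hex modulus; KIND is "rsa" or "x509".
rsa_modulus() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null | sed 's/^Modulus=//'
}

# key_matches_cert KEY CRT: succeed only if both carry the same modulus.
key_matches_cert() {
    k=$(rsa_modulus rsa "$1"); c=$(rsa_modulus x509 "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_bits KEY: print the modulus size in bits (4 bits per hex digit).
key_bits() {
    m=$(rsa_modulus rsa "$1")
    echo $(( ${#m} * 4 ))
}

# Demo in a throwaway directory; nothing under /usr/local/nginx is touched.
tmp=$(mktemp -d)
make_selfsigned "$tmp" test.test.cn &&
    key_matches_cert "$tmp/server.key" "$tmp/server.crt" &&
    echo "key and certificate match, $(key_bits "$tmp/server.key") bits"
rm -rf "$tmp"
```

The same key_matches_cert check can be run against the files named in ssl_certificate and ssl_certificate_key before nginx is reloaded.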