Nginx 实现Https访问

默认情况下ssl模块并未被安装，如果要使用该模块则需要在编译时指定–with-http_ssl_module参数，安装模块依赖于OpenSSL库和一些引用文件，通常这些文件并不在同一个软件包中。通常这个文件名类似libssl-dev

1.   生成证书

1.1创建服务器私钥

mkdir–p /application/nginx/sslkey/ #创建证书目录

cd/application/nginx/sslkey/

opensslgenrsa -des3 -out server.key 1024 #创建证书输入密码

GeneratingRSA private key, 1024 bit long modulus

.++++++

............................................................++++++

eis 65537 (0x10001)

Enterpass phrase for server.key:

Verifying- Enter pass phrase for server.key:

1.2创建签名请求的证书(CSR)

[root@web02sslkey]# openssl req -new -key server.key -out server.csr

Enter pass phrase forserver.key: （输入上一步设置的密码）

You are about to beasked to enter information that will be incorporated

into your certificaterequest.

What you are about toenter is what is called a Distinguished Name or a DN.

There are quite a fewfields but you can leave some blank

For some fields therewill be a default value,

If you enter ‘.‘, thefield will be left blank.

-----

Country Name (2 lettercode) [XX]:CN

State or Province Name(full name) []:bj

Locality Name (eg,city) [Default City]:bj

Organization Name (eg,company) [Default Company Ltd]:bj

Organizational UnitName (eg, section) []:bj

Common Name (eg, yourname or your server‘s hostname) []:bj

Email Address []:bj

Please enter thefollowing ‘extra‘ attributes

to be sent with yourcertificate request

A challenge password[]:123456

An optional companyname []:123456

1.3在加载SSL支持的Nginx并使用上述私钥时除去必须的口令：

[root@web02sslkey]# cp server.key server.key.org

[root@web02sslkey]#  openssl rsa -in server.key.org-out server.key

Enterpass phrase for server.key.org:

writingRSA key

1.4最后标记证书使用上述私钥和CSR

[root@web02sslkey]# openssl x509 -req -days 365 -in server.csr -signkey server.key -outserver.crt

Signature ok

subject=/C=CN/ST=bj/L=bj/O=bj/OU=bj/CN=bj/emailAddress=bj

Getting Private key

2.   配置nginx

2.1修改Nginx配置文件

vim blog.conf #在开头加入下面几行

server_nameblog.etiantian.org;

 listen 443;

 ssl on;

 ssl_certificate/application/nginx/sslkey/server.crt;

 ssl_certificate_key/application/nginx/sslkey/server.key;

本文出自 “10997527” 博客，请务必保留此出处http://11007527.blog.51cto.com/10997527/1982886

Nginx 实现Https访问

原文地址：http://11007527.blog.51cto.com/10997527/1982886