Linux apache下导入SSL证书
自制ssl凭证建立凭证文件
# cd /etc/pki/tls/certs/
# make xxx.key
# mv xxx.key xxx.key.raw
# openssl rsa -in xxx.key.raw -out xxx.key
# rm -f xxx.key.raw
# chmod 400 xxx.key
# make xxx.crt SERIAL=随即数字 (避免本机生成多个crt 浏览器识别时会有错误)
根据提示输入
# ll xxx.*
-rw-------. 1 root root 1407 11月 26 07:53 xxx.crt
-r--------. 1 root root 1675 11月 26 07:49 xxx.key
修改ssl.conf内容 使用自制凭证
# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/xxx.crt # mkdir /var/openssl
Shell># mv server* /var/openssl
Shell># chown –R nginx /var/openssl
配置Nginx
Shell>#vi /etc/nginx/nginx.conf
user nginx;
worker_processes1;
events {
useepoll
worker_connections1024;
multi_accepton;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout65;
server{
listen 443;
server_namelocalhost;
ssl on;
ssl_certificate /var/openssl/server.crt;
ssl_certificate_key /var/openssl/server_nopass.key;
location / {
root /var/www/html/;
indexindex.html index.htm;
}
error_page 500 502 503504/50x.html;
location = /50x.html {
root html;
}
}
}
重启nginx,然后开放443端口。
测试,我们可以尝试是使用https访问我们的系统站
页:
[1]