Lab! (Issuing a certificate to yourself, for lab use only)

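1. Preface: This is a kind of virtual host that works over the HTTPS protocol. Building such a site requires the support of the mod_ssl module, and two files must be provided: a certificate file and a private key file. The certificate file identifies the web server; the private key file is mainly used to encrypt data on the server side before it is transmitted by the site. In production a certificate has to be requested from the appropriate authority; in a lab environment a certificate server would normally be set up,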


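Generating the certificate and key files

1. Prepare the directory that will hold the certificate and the key:

    mkdir -p /etc/nginx/ssl

2. Generate the private key:

    openssl genrsa 1024 > /etc/nginx/ssl/server.key

3. Use the key file to generate the certificate signing request (CSR):

    openssl req -new -key /etc/nginx/ssl/server.key > /etc/nginx/ssl/server.csr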


    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.

    Country Name (2 letter code) [XX]:CN    ### country name (two letters)
    State or Province Name (full name) []:BJ    ### province (two letters)
    Locality Name (eg, city) [Default City]:BJ    ### city
    Organization Name (eg, company) [Default Company Ltd]::    ### organization name
    Organizational Unit Name (eg, section) []:cloud    ## organizational unit name
    Common Name (eg, your name or your server's hostname) []:nginx.linux.com    ## the server's name or your own name
    Email Address []:12345678@qq.com    ### optional
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:    ### leave the password empty
    An optional company name []:    #### left empty
    Common Name (eg, your name or your server's hostname) []:    ### company name left empty


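4. Check the request:

    ls /etc/nginx/ssl/
    server.csr (certificate request)  server.key (private key)

5. Approve the request and generate the certificate:

    openssl req -x509 -days 365 -key /etc/nginx/ssl/server.key -in /etc/nginx/ssl/server.csr > /etc/nginx/ssl/server.crt

Notes:
(1) -x509: the certificate format; this is fixed.
(2) -days: the validity period of the certificate; in production, different periods have different prices.
(3) -key: specifies the key file.
(4) -in: specifies the certificate request file.

6. Check the certificate:

    ll /etc/nginx/ssl/

8. Done!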

II. Redirecting port 80 to port 443

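1. Open the nginx configuration file and add a server block to it. The configuration is as follows; write one more server block at the very bottom:

    server {
        listen 80;
        server_name 10.8.162.141;
        rewrite ^(.*)$ https://${server_name}$1 permanent;
    }

Then just visit the site in a browser!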
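The redirect to port 443 only works if a server block is listening there with the certificate and key generated in part one, and the page does not show that block. The following is an added example, not configuration from the original page; it assumes the site is reached as nginx.linux.com (the Common Name entered in the CSR), a document root of /usr/share/nginx/html, and an nginx/OpenSSL build that supports TLSv1.3.

```nginx
# Added example: HTTPS virtual host using the files created in part one.
# Assumptions (not on the original page): the document root, and that
# clients use the name nginx.linux.com entered as the CSR Common Name.
server {
    listen 443 ssl;
    server_name nginx.linux.com;

    # Certificate and private key written by the openssl commands above.
    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # Only offer current protocol versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        root  /usr/share/nginx/html;   # assumed document root
        index index.html;
    }
}

# Plain-HTTP listener whose only job is to send clients to the HTTPS host.
server {
    listen 80;
    server_name nginx.linux.com;
    # 301 to the same URI over HTTPS, same purpose as the page's
    # "rewrite ... permanent" rule.
    return 301 https://$server_name$request_uri;
}
```

Check the file with nginx -t before reloading; if it reports "ee key too small", the 1024-bit key from step 2 is below the OpenSSL security level of that build and has to be regenerated with 2048 bits. The certificate's Common Name is nginx.linux.com, so a browser pointed at 10.8.162.141 will report a name mismatch in addition to the self-signed warning.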