Shulou(Shulou.com)06/01 Report--

The minimalist certificate openssl genrsa-des3-out server.key 1024 # generates the private key (key), sets the password openssl req-new-key server.key-out server.csr # to generate requestcp server.key server.key.oriopenssl rsa-in server.key.ori-out server.key # removes the private key password (otherwise you need to enter the password to start nginx, etc.) openssl x509-req-days-in server.csr-signkey server.key-out server.crt # self-signed public key

Nginx configuration

Server {listen 443; server_name www.abc.com; root / var/www/; autoindex on; ssl on; ssl_certificate / etc/nginx/sslkey/server.crt; ssl_certificate_key / etc/nginx/sslkey/server.key; # access_log / var/log/nginx/www.abc.com-access.log main # error_log / var/log/nginx/www.abc.com-error.log warn;}

Self-built ca, signature, one-way signature (unlimited client, verification server)

Cat / etc/ssl/openssl.cnf modifies democa to openssl working directory

Under the working directory

Touch index.txt serialchmod 666 index.txt serialecho 01 > serialmkdir-p newcerts private

Ca

Openssl genrsa-des3-out. / private/ca.key 2048 # self-built ca keyopenssl req-x509-new-days 3650-key. / private/ca.key-out ca.crt # ca Information and Certificate

Server

Openssl genrsa-out. / server/server.key 1024openssl req-new-key. / server/server.key-out. / server/server.csropenssl ca-in. / server/server.csr-cert. / ca.crt-keyfile. / private/ca.key-out. / server/server.crt-days 3650 # sign with ca

[2] not associated with the directory, signature

Openssl x509-req-sha256-CA ca.crt-CAkey ca.key-CAcreateserial-in server.csr-out server.crt

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.