生成Nginx本地证书

一、下载OpenSSL工具

1.下载地址

http://slproweb.com/products/Win32OpenSSL.html

(该链接为明文 HTTP,建议改用 HTTPS 访问;如站点提供校验值,请在安装前核对安装包。)

2.向下滚动页面,点击对应版本下载


3.配置环境变量


二、证书生成

1.生成证书(keytool 是 JDK 自带的工具,需先安装 JDK 并将其 bin 目录加入 PATH)

# Creates an RSA key pair and a self-signed certificate under the alias "nginx" in nginx.keystore.
# keytool asks for the keystore password and the certificate subject fields interactively.
# -validity 36500 is roughly 100 years: acceptable for a local test certificate only.
keytool -genkey -v -alias nginx -keyalg RSA -keystore nginx.keystore -validity 36500

nginx.keystore:文件名

alias:别名

validity:有效期(天)

2.输入证书参数


3.生成pfx证书

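# Converts nginx.keystore into a PKCS#12 file (nginx.pfx).
# keytool options take a single dash, so the store type is passed as -deststoretype.
# NOTE(review): 123456 is a sample value; use the password chosen in step 1 and a strong export password.
# Passwords passed as options end up in shell history and the process list; when the
# -srcstorepass/-deststorepass options are left out, keytool prompts for the store passwords instead.
keytool -v -importkeystore -srckeystore nginx.keystore -srcstorepass 123456 -destkeystore nginx.pfx -deststoretype pkcs12 -deststorepass 123456 -destkeypass 123456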

srckeystore:第1步的文件名

srcstorepass:第1步设置的密码

destkeystore:生成的文件名

deststorepass,destkeypass:设置证书密码(示例中的 123456 仅为占位,实际使用请换成强密码)

4.根据pfx生成pem

# -nodes exports the private key WITHOUT encryption, so nginx.pem holds the key in clear text
# next to the certificate. Keep it out of shared or web-served folders and delete it once
# nginx.crt and nginx.key have been produced.
openssl pkcs12 -in nginx.pfx -nodes -out nginx.pem

5.根据pem生成crt

# Writes only the certificate (the public part) from nginx.pem to nginx.crt.
openssl x509 -in nginx.pem -out nginx.crt

6.根据pem生成key

# Writes the RSA private key from nginx.pem to nginx.key. No cipher option is given, so the
# key file is unencrypted: restrict read access to the account that runs nginx.
openssl rsa -in nginx.pem -out nginx.key

三、nginx配置

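 # HTTPS front end on port 443 that forwards every request to the upstream in "location /".
 server {
        listen       443 ssl;
        server_name  localhost;

        # Certificate and unencrypted private key produced in the steps above.
        # The key file should be readable only by the account that runs nginx.
        ssl_certificate      D:/Development/Nginx/mss_elk-nginx-1.23.0/cert/nginx.crt;
        ssl_certificate_key  D:/Development/Nginx/mss_elk-nginx-1.23.0/cert/nginx.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        # nginx releases before 1.23.4 enable TLSv1 and TLSv1.1 when ssl_protocols is not set;
        # pin the listener to TLS 1.2 and 1.3 explicitly.
        ssl_protocols  TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            # NOTE(review): proxy_ssl_verify is off by default, so the upstream certificate is
            # not validated and the hop to the upstream is encrypted but not authenticated.
            # To authenticate it, enable proxy_ssl_verify together with
            # proxy_ssl_trusted_certificate (CA bundle path) and proxy_ssl_server_name.
            proxy_pass https://insightx.cloudfall.cn:5601;
        }
    }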


其它方式:

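# Fields of the -subj string:
# C:  country code (Country), required
# ST: state or province (State or Province)
# L:  locality (Locality)
# O:  organization (Organization), required
# OU: organizational unit (Organizational Unit)
# CN: common name (Common Name), usually the site's domain name or IP address, required
# Examples
# openssl req -newkey rsa:2048 -new -x509 -days 1780 -nodes -out cert.pem -keyout key.pem
# openssl req -new -key private.key -out private.csr -subj "/C=CN/ST=shanghai/L=shanghai/O=example/OU=it/CN=domain1/CN=domain2"
# NOTE(review): current browsers match the host name against subjectAltName, not CN. For several
# names, use -addext "subjectAltName=DNS:domain1,DNS:domain2" (OpenSSL 1.1.1+) instead of repeating CN.
# In practice
# openssl req -newkey rsa:2048 -new -x509 -days 999999 -nodes -out cert.pem -keyout key.pem -subj "/C=CN/O=XX/CN=XX.CN"
# NOTE(review): -days 999999 means the certificate effectively never expires; keep such
# certificates to local testing and prefer a short lifetime with regeneration.

# Generate a self-signed certificate and key for the service under /usr/local/websockify/ssl.
ssl_dir=/usr/local/websockify/ssl
mkdir -p "$ssl_dir"
# Stop if the directory is unavailable: otherwise the key would be written to, and the chmod
# below applied in, whatever directory the shell happens to be in.
cd "$ssl_dir" || exit 1

# -nodes writes nginx.key without a passphrase, so file permissions are its only protection.
# The subshell umask keeps the key from being created world-readable, even briefly.
(
  umask 077
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt \
    -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=example.com"
)

# Certificate is public; the private key must stay owner-only (the original "chmod 644 *"
# made the key readable by every local user).
# If the service runs as a dedicated account, chown the key to it, e.g.
#   chown <service-user> nginx.key
chmod 644 nginx.crt
chmod 600 nginx.key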

