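Configuring an SSL certificate (with intermediate certificate) in Nginx
With an SSL certificate configured in Nginx using the default configuration file, the site loads normally in PC browsers but fails certificate validation in mobile browsers.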
--------------------------------------------------------------
http://blog.csdn.net/gudufeiyang/article/details/58603402
==============================================================
1) Generate the certificate here: Let's Encrypt
https://www.sslforfree.com/create?generate&domains=www.bookshare.cc%20cloud.bookshare.cc%20api.cloud.bookshare.cc%20api.bookshare.cc%20static.bookshare.cc%20passport.bookshare.cc%20console.bookshare.cc
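This site ultimately gives you sslforfree.zip
It contains three files: the server certificate certificate.crt | the CA certificate ca_bundle.crt | private.key
2) SSL tools
Download the intermediate certificate to obtain chain.crt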
https://www.myssl.cn/tools/downloadchain.html
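On this site, paste in the contents of the server certificate certificate.crt from above
You get two files: the intermediate certificate chain.crt and the root certificate root.crt
3) Combine the contents of certificate.crt and chain.crt to produce certificate-all.crt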
server {
    listen 443 ssl;
    charset utf-8;
    server_name cloud.bookshare.cc api.cloud.bookshare.cc api.bookshare.cc static.bookshare.cc passport.bookshare.cc console.bookshare.cc;
    # "ssl on;" is redundant with "listen 443 ssl" and deprecated since nginx 1.15.0
    # ssl on;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    #ssl_dhparam /opt/dhparam/keys/dhparams.pem;
    # certificate-all.crt = certificate.crt + chain.crt from step 3
    ssl_certificate /usr/local/openresty/nginx/conf/sslforfree/certificate-all.crt;
    ssl_certificate_key /usr/local/openresty/nginx/conf/sslforfree/private.key;
}
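Added example (not from the original post): a bash script that reproduces the problem from step 3 on a throwaway PKI, showing that a client trusting only the root rejects certificate.crt served alone and accepts certificate-all.crt, and that the private key must match the first certificate in the bundle. It assumes the openssl CLI is installed; the subjects demo-root, demo-intermediate and www.example.test and the helpers issue, client_accepts and key_matches are constructed for this demo.

```bash
#!/usr/bin/env bash
# Added demo: throwaway PKI (demo-root -> demo-intermediate -> www.example.test).
# All subjects and keys are constructed here; file names follow the page's steps.
set -eu
cd "$(mktemp -d)"

# issue NAME SUBJECT IS_CA [ISSUER]: writes NAME.key and NAME.crt
issue() {
  printf 'basicConstraints=critical,CA:%s\n' "$3" > "$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ -z "${4:-}" ]; then   # no issuer given: self-signed root
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 \
      -extfile "$1.ext" -out "$1.crt" 2>/dev/null
  else                       # signed by ISSUER.crt / ISSUER.key
    openssl x509 -req -in "$1.csr" -CA "$4.crt" -CAkey "$4.key" \
      -CAcreateserial -days 2 -extfile "$1.ext" -out "$1.crt" 2>/dev/null
  fi
}
issue root        "/CN=demo-root"         TRUE
issue chain       "/CN=demo-intermediate" TRUE  root
issue certificate "/CN=www.example.test"  FALSE chain
mv certificate.key private.key

# Step 3 from the page: server certificate first, then the intermediate.
cat certificate.crt chain.crt > certificate-all.crt

# client_accepts BUNDLE: succeeds if a client that trusts root.crt can build
# a path from the first certificate in BUNDLE using only what BUNDLE contains.
client_accepts() {
  openssl verify -CAfile root.crt -untrusted "$1" "$1" >/dev/null 2>&1
}

# key_matches BUNDLE KEY: succeeds if KEY belongs to the FIRST certificate
# in BUNDLE, which is the one nginx pairs with ssl_certificate_key.
key_matches() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

for f in certificate.crt certificate-all.crt; do
  if client_accepts "$f"; then
    echo "$f: chain verifies"
  else
    echo "$f: incomplete chain (intermediate missing)"
  fi
done
```

The same two functions can be run against the real root.crt, certificate-all.crt and private.key from steps 1 to 3 before reloading Nginx.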