1、nginx配置
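# HTTPS listener. The "ssl" flag on listen already enables TLS for this socket,
# so the separate "ssl on;" directive (deprecated since nginx 1.15.0) is dropped.
listen 443 ssl default_server;
# Certificate and matching private key. The key file should be readable only by
# the user that starts nginx (normally root).
ssl_certificate /etc/letsencrypt/server.crt;
ssl_certificate_key /etc/letsencrypt/server.key;
# A client may reuse negotiated session parameters for 5 minutes.
ssl_session_timeout 5m;
# TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
# Append TLSv1.3 when the installed nginx and OpenSSL both support it.
ssl_protocols TLSv1.2;
# The AEAD ECDHE suite is listed first; !DHE removes finite-field DH key exchange.
# NOTE(review): "HIGH" still admits CBC-mode suites; narrow the list to
# ECDHE + GCM suites if every client that must connect supports them.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
# Use the server's cipher order rather than the client's.
ssl_prefer_server_ciphers on;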
2、生成证书命令
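# Build a private CA and issue a server certificate for 192.168.5.174.
# The openssl commands prompt interactively for passphrases and subject fields.
# NOTE(review): no subjectAltName is requested here. Current browsers match the
# host against SAN rather than CN, so an IP SAN entry is likely needed; confirm
# against the extensions section of the openssl.cnf in use.

# CA private key, passphrase-protected. AES-256 replaces -des3 (3DES is legacy).
# The subshell umask keeps the key file unreadable by other local users.
(umask 077 && openssl genrsa -aes256 -out ca.key 2048)
# Self-signed CA certificate. -sha256 pins the signature digest instead of
# relying on whatever default the installed openssl.cnf carries.
openssl req -new -x509 -sha256 -days 365 -key ca.key -out ca.crt

# Server private key (encrypted), created with the same restrictive umask.
(umask 077 && openssl genrsa -aes256 -out 192.168.5.174.pem 2048)
# Passphrase-free copy of the server key. This file is an unencrypted private
# key, so it must stay owner-readable only.
(umask 077 && openssl rsa -in 192.168.5.174.pem -out 192.168.5.174.key)
# Certificate signing request for the server key.
openssl req -new -sha256 -key 192.168.5.174.pem -out 192.168.5.174.csr

# CA database files used by "openssl ca".
# Presumably these paths match the "dir" setting in openssl.cnf; verify.
mkdir -p /etc/pki/CA/newcerts
touch /etc/pki/CA/index.txt
# Seed the serial counter only once. Overwriting it on a re-run would reset the
# numbering, so later certificates would reuse serial 01.
[ -e /etc/pki/CA/serial ] || echo "01" > /etc/pki/CA/serial
# Sign the CSR with the CA key; -md sha256 pins the signature digest.
openssl ca -policy policy_anything -md sha256 -days 365 -cert ca.crt -keyfile ca.key -in 192.168.5.174.csr -out 192.168.5.174.crt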