前提:
1、主机要先安装openssl
2、编译安装nginx时,要加上--with-openssl和--with-http_ssl_module
2、修改配置文件openssl.cnf
vim /etc/pki/tls/openssl.cnf
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = /etc/pki/CA #证书的根目录,要记住这个目录
certs = $dir/certs
crl_dir = $dir/crl
database = $dir/index.txt
#unique_subject = no
new_certs_dir = $dir/newcerts
certificate = $dir/ca.crt # 修改这里,表示签名时使用的证书
serial = $dir/serial
crlnumber = $dir/crlnumber
crl = $dir/crl.pem
private_key = $dir/private/cakey.pem
RANDFILE = $dir/private/.rand
3、复制证书到证书根目录/etc/pki/CA下,并在该目录下创建空文件index.txt和serial,并向serial输入”01“
cd /etc/pki/CA
cp /root/ca.crt .
touch index.txt
touch serial
echo "01" >serial
4、生成服务器RSA私钥/root/server.key
openssl genrsa -des3 -out /root/server.key 1024
5、为私钥去除口令
openssl rsa -in /root/server.key -out /root/server_nopwd.key
8、重启服务
~~~~完成,在客户端上输入https://x.x.x.x即可访问
--------------------------------------分割线 --------------------------------------
--------------------------------------分割线 --------------------------------------