Nginx configures the ssl certificate (intermediate certificate)
Configure the ssl certificate under Nginx, the default configuration file, normal access in the pc browser, cannot be authenticated in the mobile browser
--------------- ---------------------------------------------------------
http:/ /blog.csdn.net/gudufeiyang/article/details/58603402
======================================= ===========================
1) Generate the certificate here Let's Encrypt
https://www.sslforfree.com/create?generate&domains=www.bookshare.cc%20cloud.bookshare.cc%20api.cloud.bookshare.cc%20api.bookshare.cc%20static.bookshare.cc%20passport.bookshare.cc%20console.bookshare.cc
From this website, you can finally get sslforfree.zip
There are three files inside: server certificate certificate.crt | CA certificate ca_bundle.crt | private.key
2) SSL tool
download intermediate certificate and get chain.crt
https://www.myssl.cn/tools/downloadchain.html
Then on this website, the input is: the above server certificate content certificate.crt
You will get two files: intermediate certificate chain.crt , root certificate root.crt
3) Synthesize the content in certificate.crt and chain.crt to get certificate-all.crt
server{
listen 443 ssl;
charset utf-8;
server_name cloud.bookshare.cc api.cloud.bookshare.cc api.bookshare.cc static .bookshare.cc passport.bookshare.cc console.bookshare.cc;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
#ssl_dhparam /opt/dhparam/keys/dhparams.pem;
ssl_certificate /usr/local/openresty/nginx/conf/sslforfree/ certificate-all.crt ;
ssl_certificate_key /usr/local/openresty/nginx/conf/sslforfree/ private.key ;
}