To create a certificate that can be used by OpenSSL https
Personal certificates also made fun of it, the browser is not recognized, there would have been a red security alert, but only to realize I was not the issue encrypted connection.
And Tencent Ali clouds and cloud has a single one-year free domain certificate can be used normally, the browser will not appear red "unsafe" warning, but green "safe" prompt.
The following is a self-generated certificate process.
Download OpenSSL
http://www.slproweb.com/products/Win32OpenSSL.html
here to download the openssl win64 version, and install it.
OpenSSL set up the environment
Set system environment variables
SET OPENSSL_CONF = C: /OpenSSL-Win64/bin/openssl.cfg
SET path = C: \ the OpenSSL-Win64 \ bin;% path%;
The first time you use to create the directory "newcerts"
C: \ OpenSSL-the Win32 \ bin \ PEM \ demoCA \ newcerts
create an empty file "serial" (no extension)
C: \ OpenSSL-the Win32 \ bin \ PEM \ demoCA \ Serial
Production CA certificate
Enter the directory C: \ OpenSSL-Win64 \ bin \ PEM
Ca.key CA private key generated
OpenSSL genrsa--out in ca.key 4096
the CA private key to decrypt the production (typically no such necessary)
OpenSSL RSA -IN in ca.key -out ca_decrypted.key
generating ca.crt CA root certificate (public key ):
OpenSSL REQ -new -key ca.key-x509--days 7304 -out ca.crt
production certificate generation site and use CA-signed certificate
beginning step if the CA certificate already exists or would like to follow, you can directly from this.
Certificate private key is generated:
OpenSSL genrsa -out server.pem 4096
certificate private key to decrypt the production:
OpenSSL rsa -IN server.pem -out server.key
generate Signing Request:
OpenSSL REQ -new -key server.pem -out Server. csr
fill in the common name in this domain, such as blog.creke.net to generate a certificate for the site, but can also use domain names such as Pan * .creke.net to generate a site certificate available to all second-level domain.
Signed with CA:
openssl ca -policy policy_anything -days 3652 -cert ca.crt -keyfile ca.key -in server.csr -out server.crt
Production process
Nginx configuration
以下是 Nginx 启用的部分配置,需要设置 ssl_certificate 和 ssl_certificate_key 指定证书和公钥,并且 listen 443,然后重新启动 Nginx,浏览器就可以用的 https://yourhost 的方式网页了。
转载自:
http://blog.creke.net/762.html
相关文章
http://www.cnblogs.com/gsls200808/p/4502044.html