Linux:使用ssl加密网站为https
生成对应的数字证书以及密钥
bash
[root@server100 ~]# openssl req -newkey rsa:2048 -nodes -sha256 -keyout /etc/nginx/certs/timinglee.org.key -x509 -days 365 -out /etc/nginx/certs/timinglee.org.crt
......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.......+.+......+..+......+......+.+..+.+............+...+...........+...+............+.+.....+...+..........+.........+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+....+........................+.........+.....+......+.......+.........+.....+...+..........+....................+.+..+...............+....+...+...+...+....................+.+.....+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*............+................+...+.........+..+...+.......+.....+.+..+.+..+..........+.........+......+.....+...+......+...+.+...........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.......+.....+.......+...+..............+......+........................+...+...............+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:china
String too long, must be at most 2 bytes long
Country Name (2 letter code) [XX]:shannxi
String too long, must be at most 2 bytes long
Country Name (2 letter code) [XX]:86
State or Province Name (full name) []:shannxi
Locality Name (eg, city) [Default City]:xian
Organization Name (eg, company) [Default Company Ltd]:openlab
Organizational Unit Name (eg, section) []:RHCE
Common Name (eg, your name or your server's hostname) []:shanxin
Email Address []:[email protected]
[root@server100 ~]# cat /etc/nginx/certs/timinglee.org.key
[root@server100 ~]# cat /etc/nginx/certs/timinglee.org.crt配置虚拟主机基于https访问
bash
[root@server100 ~]# vim /etc/nginx/conf.d/vhosts.conf
server{
listen 443 ssl;
server_name login.timinglee.org;
ssl_certificate "/etc/nginx/certs/timinglee.org.crt";
ssl_certificate_key "/etc/nginx/certs/timinglee.org.key";
root /usr/share/nginx/virtual/login;
index index.html;
}
[root@server100 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@server100 ~]# systemctl restart nginx.service
[root@server100 ~]# mkdir -p /usr/share/nginx/virtual/login
[root@server100 ~]# echo 'login.timinglee.org' > /usr/share/nginx/virtual/login/index.html