1.可用openssl生成私钥和自签名证书 安装openssl
sudo yum install openssl -y
2.生成ssl证书 365天期限
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/nginx-selfsigned.key \
-out /etc/ssl/certs/nginx-selfsigned.crt
3、按照提示编写信息
Country Name (2 letter code) [XX]: CN # 国家代码(如 CN)
State or Province Name (full name) []: Beijing # 省份
Locality Name (eg, city) []: Beijing # 城市
Organization Name (eg, company) []: AGIL # 组织名(可自定义)
Organizational Unit Name (eg, section) []: IT # 部门名(可自定义)
Common Name (eg, server FQDN) []: 192.168.xx.xx # 服务器IP或本地域名(重要!填写实际访问的IP或 `localhost`)
Email Address []: admin@example.com # 邮箱(可留空)
4、检验证书和私钥是否生成
sudo ls -l /etc/ssl/private/nginx-selfsigned.key /etc/ssl/certs/nginx-selfsigned.crt
5、修改nginx配置文件(查看附件)
6,防火墙放行https
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload
7.查看证书有效期
openssl x509 -in xxx.crt -noout -dates