nginx 如何配置狗爹的 ssl 证书
1,通过 SSH 连接至您的服务器
2,运行以下命令:
openssl req -new -newkey rsa:2048 -nodes -keyout 您的域名.key -out 您的域名.csr3,输入申请信息,如下:
[root@centos-1gb-sgp1-01 ~]# openssl req -new -newkey rsa:2048 -nodes -keyout local.key -out local.csr
Generating a 2048 bit RSA private key
.........................................................+++
......................................................+++
writing new private key to 'local.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
4,在文本编辑器中打开 CSR后缀文件,然后复制所有文本。
[root@centos-1gb-sgp1-01 ~]# vi local.csr5,将完整的 CSR 粘贴到您账户的 SSL 申请区域。(狗爹会自动显示你绑定的域名)
6,提交无误之后,会跳转到如下页面:
7,下载证书,并上传的nginx服务器:
8,解压可看到2个文件,将3d开头文件中的内容添加到gd开头文件的后面(如果重启ngxin报错,可反着试下):
3d56a44ee73fe84d.crt
gd_bundle-g2-g1.crt
9,将gd开头的文件与上面第1步生成的.key文件复制到同一个目录,并配置nginx:
server {
listen 443;
root /www/web/local_cc/public_html;
ssl on;
ssl_certificate cert/gd_bundle-g2-g1.crt; #狗爹上下载的证书(证书目录)
ssl_certificate_key cert/local.key; #第1步生成的.key文件(证书目录)
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
}最后提供狗爹官方ssl证书帮助文档:
小提示
如有侵权请邮件通知