SSL Certificate Generation and Nginx Configuration, UCC Certificate Generation (Linux)

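Today I spent some time looking into SSL and found that many of the free options are not very reliable, and the paid ones come in all shapes and sizes. In the end I chose a big brand, GoDaddy. First, a brief introduction to SSL (HTTPS) certificates. There are three main kinds:

  1. DV: mainly validates the domain name; the cheapest and most practical
  2. OV: validates the organization; I don't know what it is for
  3. EV: validates the company, and the company name is also shown in the address bar. Very cool, but extremely expensive; generally used for sites that take payments

I got a UCC certificate and later found that it differs from a normal one: it has one primary domain plus several aliases. It only needs to be generated once, though, and is used the same way. Only the way it is generated differs. I searched online for a long time without finding how, then worked it out myself, so I am posting it here for everyone.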

  1. Go to a directory, for example /etc/nginx/ssl
  2. Generate a key: openssl genrsa -out nginx.key 2048
  3. Create a config file (the san.cfg passed to openssl in step 4):
# san.cfg: OpenSSL request config for a CSR that covers several DNS names (UCC/SAN)
[ req ]
default_bits = 2048
default_keyfile = nginx.key
distinguished_name = req_distinguished_name
# Put the [ req_ext ] extensions (the alternative names) into the CSR
req_extensions = req_ext
[ req_distinguished_name ]
# Each entry is a prompt shown by "openssl req"; the *_default value is used when you press Enter
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Virginia
localityName = Locality Name (eg, city)
localityName_default = Alexandria
organizationName = Organization Name (eg, company)
organizationName_default = Jingenius, LLC
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Jingenius, LLC
# commonName is the primary domain of the certificate
commonName = Common Name (eg, YOUR name)
commonName_default = jing.do
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
emailAddress_default = pjsky@foxmail.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
# The aliases covered by the certificate in addition to the primary domain
DNS.1 = blog.jing.do
DNS.2 = xxx.com
DNS.3 = ss.com

  4. Generate the CSR: openssl req -new -key nginx.key -out nginx.csr -config san.cfg
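A check worth running on the CSR from step 4 before submitting it to the CA, as an added example that is not part of the original post: it lists the DNS names in the CSR's subjectAltName and confirms the CSR belongs to nginx.key. The function names and the non-interactive demo config (prompt = no) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a SAN (UCC) CSR.

# List the DNS names in the CSR's subjectAltName, one per line, sorted.
csr_san_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# Succeed only if every name given after the CSR path is in its SAN list.
csr_has_names() {
    _csr=$1; shift
    _sans=$(csr_san_names "$_csr")
    for _n in "$@"; do
        printf '%s\n' "$_sans" | grep -qxF -- "$_n" || { echo "missing SAN: $_n" >&2; return 1; }
    done
}

# Succeed only if the CSR carries the public key of the given (unencrypted)
# private key and its self-signature verifies.
csr_matches_key() {
    _csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$_csr_pub" = "$_key_pub" ] || return 1
    # Check the message, not only the exit status (some openssl releases exit 0 on failure).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Constructed sample: build a key and CSR in directory $1 with the post's alt_names.
# "prompt = no" is an assumption; the post's san.cfg prompts for the subject fields.
make_demo_csr() {
    cat > "$1/san.cfg" <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
req_extensions = req_ext
[ dn ]
CN = jing.do
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = blog.jing.do
DNS.2 = xxx.com
DNS.3 = ss.com
EOF
    openssl genrsa -out "$1/nginx.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/nginx.key" -out "$1/nginx.csr" -config "$1/san.cfg"
}
```

Against the files from the steps above, source the functions and run `csr_has_names nginx.csr blog.jing.do xxx.com ss.com && csr_matches_key nginx.csr nginx.key` in /etc/nginx/ssl.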

---------- For reference, here is how to make a regular certificate ----------

sudo mkdir /etc/nginx/ssl
cd /etc/nginx/ssl

# Generate the private key

sudo openssl genrsa -des3 -out server.key 2048

This asks you to enter a passphrase; choose one that is easy to remember, because the next step will ask for it.

# Generate the CSR

sudo openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [AU]:US # country code
State or Province Name (full name) [Some-State]:New York # state or province
Locality Name (eg, city) []:NYC # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc # company name
Organizational Unit Name (eg, section) []: # department name
Common Name (e.g. server FQDN or YOUR name) []: www.example.com
Email Address []: admin@example.com # administrator email

---------- Nginx ----------

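server {
    # The "ssl" parameter of listen enables TLS on this port
    # (the separate "ssl on;" directive was removed in nginx 1.25.1)
    listen 443 ssl;
    server_name example.com;

    root /usr/share/nginx/www;
    index index.html index.htm;

    # Certificate issued by the CA, and the private key generated above
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
}

To redirect http requests to https: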

server {
    listen 80;
    # Same name as the HTTPS server block, so the redirect lands on a host the certificate covers
    server_name example.com;
    rewrite ^ https://$server_name$request_uri? permanent;
}
