產生私鑰
openssl genrsa -des3 -out privkey.key 2048
產生 CSR
openssl req -new -key privkey.key -out ca.csr <<EOF
TW
Taiwan
Taipei
INIC
G
MIS
email
EOF
去除私鑰密碼
openssl rsa -in privkey.key -out ca.key
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt
複製金鑰
mkdir /etc/nginx/ssl
cp ca.crt /etc/nginx/ssl/nginx.crt
cp ca.key /etc/nginx/ssl/nginx.key
編輯 /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
listen [::]:80 default_server;
# 加入 SSL 設定
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# 憑證與金鑰的路徑
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ...
}
沒有留言:
張貼留言