日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 运维知识 > linux >内容正文

linux

linux系统自签发免费ssl证书,为nginx生成自签名ssl证书

發布時間:2025/3/8 linux 21 豆豆
生活随笔 收集整理的這篇文章主要介紹了 linux系统自签发免费ssl证书,为nginx生成自签名ssl证书 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

安裝nginx可參考:
nginx重新編譯支持ssl可參考:
接下來手動配置ssl證書:
自己手動頒發證書的話,那么https是不被瀏覽器認可的,就是https上面會有一個大紅叉
下面是手動頒發證書的操作

切換到nginx配置文件

# cd /usr/local/nginx/conf

創建配置證書目錄

# mkdir ssl # cd ssl

1.生成私鑰

openssl genrsa -des3 -out cert.key 1024 #生成1024的證書私鑰 Generating RSA private key, 1024 bit long modulus ............++++++ ......................++++++ e is 65537 (0x10001) Enter pass phrase for cert.key: #提示輸入密碼 Verifying - Enter pass phrase for cert.key: #確認密碼

2.創建證書請求

# openssl req -new -key cert.key -out cert.csr Enter pass phrase for cert.key: #輸入密碼 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:cn #國家 State or Province Name (full name) [Some-State]:shanghai #省份 Locality Name (eg, city) []:shanghai #地區名字 Organization Name (eg, company) [Internet Widgits Pty Ltd]:westos #公司名 Organizational Unit Name (eg, section) []:linux #部門 Common Name (e.g. server FQDN or YOUR name) []:server #CA主機名 Email Address []:root@server #郵箱Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456 #證書請求密鑰,CA讀取證書的時候需要輸入密碼 An optional company name []:123456 #公司名稱,CA讀取證書的時候需要輸入名稱

# cp cert.key cert.key.bak # openssl rsa -in cert.key.bak -out cert.key Enter pass phrase for cert.key.bak: #輸入密碼 writing RSA key

3.自簽署證書

·```
#openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.pem
Signature okbr/>subject=/C=cn/ST=shanghai/L=shanghai/O=westos/OU=linux/CN=server/emailAddress=root@server
Getting Private key

![](https://s1.51cto.com/images/blog/201810/25/0645650a76a40436c026da566e3304bb.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=) # ll total 16 -rw-r--r-- 1 root root 749 Oct 25 15:33 cert.csr -rw-r--r-- 1 root root 891 Oct 25 16:13 cert.key -rw-r--r-- 1 root root 963 Oct 25 16:12 cert.key.bak -rw-r--r-- 1 root root 920 Oct 25 16:16 cert.pem

4.將證書導出成瀏覽器支持的p12

# openssl pkcs12 -export -clcerts -in cert.pem -inkey cert.key -out cert.p12 Enter Export Password: Verifying - Enter Export Password: [root@localhost ssl]# ls cert.csr cert.key cert.key.bak cert.p12 cert.pem

5.p12文件中導出公鑰和私鑰

生成cert.key文件

openssl pkcs12 -in cert.p12 -nocerts -nodes -out cert.key

導出公鑰

# openssl rsa -in cert.key -out cert_pri.pem writing RSA key


導出私鑰

# openssl rsa -in cert.key -pubout -out cert_pub.pem

轉載于:https://blog.51cto.com/13363488/2350494

總結

以上是生活随笔為你收集整理的linux系统自签发免费ssl证书,为nginx生成自签名ssl证书的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。