-
创建 openssl 所需的配置文件 localhost.conf
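# localhost.conf - OpenSSL request configuration, read via
# "openssl req -config localhost.conf", for a self-signed server
# certificate used in local HTTPS testing.

[req]
# 2048-bit RSA is generally regarded as a reasonably secure key length.
default_bits = 2048
# Default private-key file name; the -keyout option overrides it.
default_keyfile = server-key.pem
distinguished_name = subject
# Extensions placed in a certificate request (CSR).
req_extensions = req_ext
# Extensions placed in the certificate itself when -x509 is used.
x509_extensions = x509_ext
string_mask = utf8only

# Prompts and defaults for the certificate subject.
[subject]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = NY
localityName = Locality Name (eg, city)
localityName_default = New York
organizationName = Organization Name (eg, company)
organizationName_default = Example, LLC
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = Example Company
emailAddress = Email Address
emailAddress_default = test@example.com

[x509_ext]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
# Leaf certificate: it must not be usable to sign other certificates.
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"

[req_ext]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alternate_names
nsComment = "OpenSSL Generated Certificate"

[alternate_names]
# Change this to your own local IP address or domain name.
# An IP address must be listed as IP.n, a host name as DNS.n:
# standards-conforming clients compare an address only with IP entries,
# so an address placed under DNS.n does not pass host verification.
IP.1 = 192.168.XXX.XXX
# DNS.1 = <your-hostname>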
- 生成证书
localhost.crt
,localhost.key
运行 openssl 命令(-nodes 表示私钥不加密保存,仅适合本地测试,请限制 localhost.key 的访问权限):./openssl.exe req -config localhost.conf -new -sha256 -newkey rsa:2048 -nodes -keyout localhost.key -x509 -days 365 -out localhost.crt
- 拷贝证书到
nginx-1.18.0\conf\ssl
目录(新建 ssl)下 -
配置 nginx
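# nginx.conf: add the following server block.
server {
    # Keep as is: HTTPS on the standard port.
    listen 443 ssl;

    # Certificate and private key generated in the previous step and copied
    # into the ssl directory. Relative paths are resolved against the
    # directory that holds nginx.conf.
    # If the pair was generated under another name (for example
    # ssl/192.168.56.26.crt and ssl/192.168.56.26.key), use that name in
    # both directives; "nginx -t" fails when either file is missing.
    ssl_certificate ssl/localhost.crt;
    ssl_certificate_key ssl/localhost.key;

    # Accept only TLS 1.2 and newer; TLS 1.0 and 1.1 are deprecated.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Keep the trailing slash on both the location and the alias. A bare
    # "location /p" is a prefix match, so it would also serve any other
    # request path that merely begins with /p from outside E:/p.
    location /p/ {
        alias E:/p/;
        index index.html index.htm;
    }
}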
- ./nginx.exe -t 验证配置是否正确,./nginx.exe -s reload 重新加载配置