版权声明:转载请附上链接 https://blog.csdn.net/qq_37684859/article/details/88762508
-
步骤一:配置SSL虚拟主机
-
1)生成私钥与证书
[root@svr5 ~]# cd /usr/local/nginx/conf
[root@svr5 ~]# openssl genrsa -out cert.key #生成私钥
[root@svr5 ~]# openssl req -new -x509 -key cert.key -out cert.pem #生成证书
#输入国家NC,其它随意输入
- 2)修改Nginx配置文件,设置加密网站的虚拟主机
[root@svr5 ~]# vim /usr/local/nginx/conf/nginx.conf
… …
server {
listen 443 ssl;
server_name www.test.com;
ssl_certificate cert.pem; #证书的名称
ssl_certificate_key cert.key; #私钥名称
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
[root@prxy conf]# /usr/local/nginx/sbin/nginx -s reload #重启服务
-
步骤二:客户端验证
-
1)修改客户端主机192.168.4.100的/etc/hosts文件,进行域名解析
[root@client ~]# vim /etc/hosts
192.168.4.5 www.test.com
- 2)登录192.168.4.100客户端主机进行测试
[root@client ~]# firefox https://www.test.com #信任证书后可以访问
