93.Nginx配置:负载均衡和SSL配置
1、生成自定义的SSL证书(仅坐试验用)# openssl genrsa -des3 -out tmp.key 2048 //没有openssl命令,则通过“yum install -y openssl”安装 Generating RSA private key, 2048 bit long modulus ...................................................................................+++ .......................................................................................................................................................+++ e is 65537 (0x10001) Enter pass phrase for tmp.key: Verifying - Enter pass phrase for tmp.key: //这一步操作是生成key即“私钥”,2048为加密字符长度,会让我们输入密码,不能太短,否者不成功。 # openssl rsa -in tmp.key -out sdwaqw.key Enter pass phrase for tmp.key: writing RSA key //把tmp.key转化成sdwaqw.key,目的是删除刚才设置的密码,如果不清除密码,后面很不方便 # rm -f tmp.key # openssl req -new -key sdwaqw.key -out sdwaqw.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) :CN State or Province Name (full name) []:JS Locality Name (eg, city) :SZ Organization Name (eg, company) :XXLtd Organizational Unit Name (eg, section) []:sdwaqw.com Common Name (eg, your name or your server's hostname) []:ZZ Email Address []:a@a.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:zzz123456 An optional company name []:z //生成证书请求文件,key文件和csr文件生成最终的公钥文件。Common Name为后面配置Nginx配置文件server_name # openssl x509 -req -days 365 -in sdwaqw.csr -signkey sdwaqw.key -out sdwaqw.crt Signature ok subject=/C=CN/ST=JS/L=C/O=C/OU=C/CN=sdwaqw.com/emailAddress=z Getting Private key # ls |grep sdwaqw sdwaqw.crt sdwaqw.csr sdwaqw.key //最终生成crt证书,也就是公钥
页:
[1]