Linux中Nginx添加自签证书TLS的方法


    创建自签证书TLS
    
openssl req -newkey rsa:2048 -x509 -nodes -keyout test.com.key -new -out test.com.crt -subj /CN=test.com -reqexts SAN -extensions SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:test.com')) -sha256 -days 3650

    查看自签证书信息
    openssl x509 -in test.com.crt -noout -text
    配置使用TLS证书
    nginx配置内容如下:
    
server {
 listen 443;
 server_name test.com ;
 ssl on;
 ssl_certificate /etc/pki/tls/test.crt;
 ssl_certificate_key /etc/pki/tls/test.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 # Fix 'The Logjam Attack'.
 ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
 ssl_prefer_server_ciphers on;
 ......
 ......
}

    
相关文章!