繁杂的命令,以下准备写好的sh,拷贝https.sh文件,设置执行权限:chmod u+x https.sh
#!/bin/sh # create self-signed server certificate: read -p "Enter your domain [www.example.com]: " DOMAIN echo "Create server key..." openssl genrsa -des3 -out $DOMAIN.key 1024 echo "Create server certificate signing request..." SUBJECT="/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=$DOMAIN" openssl req -new -subj $SUBJECT -key $DOMAIN.key -out $DOMAIN.csr echo "Remove password..." mv $DOMAIN.key $DOMAIN.origin.key openssl rsa -in $DOMAIN.origin.key -out $DOMAIN.key echo "Sign SSL certificate..." openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt echo "TODO:" echo "Copy $DOMAIN.crt to /etc/nginx/ssl/$DOMAIN.crt" echo "Copy $DOMAIN.key to /etc/nginx/ssl/$DOMAIN.key" echo "Add configuration in nginx:" echo "server {" echo " ..." echo " listen 443 ssl;" echo " ssl_certificate /etc/nginx/ssl/$DOMAIN.crt;" echo " ssl_certificate_key /etc/nginx/ssl/$DOMAIN.key;" echo "}"
#./https.sh
1.输入你要自签名的域名地址或任意名称
2.输入一个KEY即密钥,任意字符串,最好长度32位为好
3.4次输入相同的key即可
当前目录下会生成四个文件:
-rw-r--r-- 1 root root 863 Jun 14 10:43 sgfoot.crt #自签名的证书 -rw-r--r-- 1 root root 655 Jun 14 10:43 sgfoot.csr #证书的请求 -rw-r--r-- 1 root root 891 Jun 14 10:43 sgfoot.key #不带口令的Key -rw-r--r-- 1 root root 963 Jun 14 10:43 sgfoot.origin.key #带口令的Key
#cd nginx/conf/sgfoot.conf
使用不带口令的key
server { listen 443; ssl on; ssl_certificate /etc/nginx/ssl/sgfoot.crt; ssl_certificate_key /etc/nginx/ssl/sgfoot.key; }