# 用JDK自带的Keytool生成keystore文件
keytool -genkey -alias tomcat -keyalg RSA -keypass Envisi0n -storepass Envisi0n -keystore server.keystore -validity 3600
# 修改 server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/local/tomcat8/conf/server.keystore"
keystorePass="dsideal" />
OpenResty使用https
cd /usr/local/software
# 开始生成RSA的私钥
openssl genrsa -out rsa_private_key.pem 2048
# 生成一个证书请求
openssl req -new -x509 -key rsa_private_key.pem -out cacert.pem -days 1095
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:jl
Locality Name (eg, city) [Default City]:changchun
Organization Name (eg, company) [Default Company Ltd]:dsideal
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:huanghai
Email Address []:10402852@qq.com
#Nginx配置中,需要修改的地方:
vi /usr/local/openresty/nginx/conf/nginx.conf
server{
listen 443;
server_name localhost;
ssl on;
ssl_certificate /usr/local/openresty/nginx/conf/cacert.pem;
ssl_certificate_key /usr/local/openresty/nginx/conf/rsa_private_key.pem;
server_name 192.168.10.70
ssl_session_timeout 5m;
}
# 在iptables中打开ssl使用到的443端口,重启iptables.