1 查看open ssl 支持
在网页上输出 phpinfo()
<= phpinfo() >
搜索OpenSSL support选项,如果为enabled,表示支持。
2 生成私钥
keyread为网站名称,可以按你的来写
生成需要密码的私钥,过程中会让你输入密码,用于保护
sslkey openssl genrsa -des3 -out keyread.private.pem 2048
生成不需要密码保护的私钥
sslkey openssl genrsa -out keyread.private.pem 2048
这样在目录下会有一个keyread.private.pem文件
3 生成密钥请求文件
sslkey openssl req -new -key keyread.pem -out keyread.cert.csr
在生成的过程中会让你填入国名, 城市名等信息
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:GuangDong
Locality Name (eg, city) []:Guangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Keyread
Organizational Unit Name (eg, section) []:Keyread
Common Name (e.g. server FQDN or YOUR name) []:Keyread
Email Address []:alex_my@126.com
这样在目录下会有一个keyread.cert.csr文件,可以拿着这个文件到第三方认证机构生成最终的证书。
4 测试用的证书
自己认证自己的证书,而不是交钱给第三方。
openssl req -new -x509 -key keyread.private.pem -out keyread.debug.pem -days 365
这里用到了密钥keyread.private.pem
5 配置虚拟主机中的文件
这里使用的是nginx。
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl on;
ssl_certificate /Users/alex/WWW/sslkey/keyread.debug.pem;
ssl_certificate_key /Users/alex/WWW/sslkey/keyread.private.pem;
server_name keyread.xyz;
root '/Users/alex/WWW/keyread/web/';
index index.php;
access_log /Users/alex/WWW/logs/keyread.com/access.log;
error_log /Users/alex/WWW/logs/keyread.com/error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
try_files $uri =404;
}
location ~ /\.(ht|svn|git) {
deny all;
}
}