1 查看open ssl 支持
在网页上输出 phpinfo()
<= phpinfo() >搜索OpenSSL support选项,如果为enabled,表示支持。
2 生成私钥
keyread为网站名称,可以按你的来写
生成需要密码的私钥,过程中会让你输入密码,用于保护
sslkey openssl genrsa -des3 -out keyread.private.pem 2048生成不需要密码保护的私钥
sslkey openssl genrsa -out keyread.private.pem 2048这样在目录下会有一个keyread.private.pem文件
3 生成密钥请求文件
sslkey openssl req -new -key keyread.pem -out keyread.cert.csr在生成的过程中会让你填入国名, 城市名等信息
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:GuangDong
Locality Name (eg, city) []:Guangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Keyread
Organizational Unit Name (eg, section) []:Keyread
Common Name (e.g. server FQDN or YOUR name) []:Keyread
Email Address []:alex_my@126.com这样在目录下会有一个keyread.cert.csr文件,可以拿着这个文件到第三方认证机构生成最终的证书。
4 测试用的证书
自己认证自己的证书,而不是交钱给第三方。
openssl req -new -x509 -key keyread.private.pem -out keyread.debug.pem -days 365这里用到了密钥keyread.private.pem
5 配置虚拟主机中的文件
这里使用的是nginx。
server {
charset utf-8;
client_max_body_size 128M;
listen 443 ssl;
ssl on;
ssl_certificate /Users/alex/WWW/sslkey/keyread.debug.pem;
ssl_certificate_key /Users/alex/WWW/sslkey/keyread.private.pem;
server_name keyread.xyz;
root '/Users/alex/WWW/keyread/web/';
index index.php;
access_log /Users/alex/WWW/logs/keyread.com/access.log;
error_log /Users/alex/WWW/logs/keyread.com/error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000;
try_files $uri =404;
}
location ~ /\.(ht|svn|git) {
deny all;
}
}
