一、环境介绍:
1、Nginx服务器(系统:CentOS6.5)
2、已经授权的证书:
证书包括:
a、Cert.csr
b、Server.key
证书申请:https://www.wosign.com/
(如果无法提供收费证书也可以使用自定义证书,详细步骤以下:)
a、创建服务器私钥
# openssl genrsa -des3 -out Server.key 1024
b、创建签名请求的证书(CSR):
# openssl req -new -key Server.key -out Cert.csr
c、在加载SSL支持的Nginx并使用上述私钥时必须除去口令
# cp Server.key Server.key.org
# openssl rsa -in Server.key.org -out Server.key
二、Nginx部署
1、上传证书
# yum -y install lrzsz
# cd /etc/nginx
# mkdir cert && cd cert
# rz
2、配置Nginx
# openssl x509 -req -days 365 -in Cert.csr -signkey Server.key -out Cert.crt
# cd /etc/nginx/conf.d/
# vim default.conf # 在server模块中添加##号中的信息:
server{
listen 80 default_server;
listen [::]:80 default_server;
root /usr/share/nginx/html;
##################### The Web Server Certer ################
server_name localhsot;
listen 443;
ssl on;
ssl_certificate /etc/nginx/Cert/Cert.crt;
ssl_certificate_key /etc/nginx/Cert/Server.key;
############################################################
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
}
三、测试:
1、重启Nginx服务:
# server nginx restart
2、使用浏览器访问
https://YouDomainName
附:
以下为在此过程中可能会遇到的问题及解决方法:
Q1
启动Nginx时出现报错信息:
# service nginx restart
nginx: [emerg] PEM_read_bio_X509_AUX("/etc/nginx/Cert/certreq.csr") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)
nginx: configuration file /etc/nginx/nginx.conf test failed
解决方法:
# openssl x509 -req -days 365 -in certreq.csr -signkey server.key -out certreq.crt
# vim /etc/nginx/conf.d/default.conf
##### 确认以下信息是否正确,特别注意两个证书名称 ####
ssl_certificate /etc/nginx/Cert/Cert.crt;
ssl_certificate_key /etc/nginx/Cert/Server.key;
至此Nginx的HTTPS服务已经全部部署完毕,如有问题请回复留言!谢谢!
