颁发不受浏览器信任的SSL证书

颁发不受浏览器信任的SSL证书

 

颁发不受浏览器信任的SSL证书

 

# 生成一个RSA密钥 

$ openssl genrsa -des3 -out crabdave.key 1024

 

 

# 生成一个证书请求

$ openssl req -new -key crabdave.key -out crabdave.csr

 

# 拷贝一个不需要输入密码的密钥文件

$ openssl rsa -in crabdave.key -out crabdave_nopass.key

 

Country Name (2 letter code) [GB]:CN

State or Province Name (full name) [Berkshire]:Beijing

Locality Name (eg, city) [Newbury]:Beijing

Organization Name (eg, company) [My Company Ltd]:crabdave.org

Organizational Unit Name (eg, section) []:development

Common Name (eg, your name or your server's hostname) []:*.crabdave.org

Email Address []:admin@crabdave.org

A challenge password []:直接回车

An optional company name []:直接回车

 

# 自己签发证书

$ openssl x509 -req -days 365 -in crabdave.csr -signkey crabdave.key -out crabdave.crt

 

编辑配置文件nginx.conf

 

        listen   443;

        server_name  nexus.crabdave.org;

 

        # allow large uploads of files - refer to nginx documentation

        #client_max_body_size 1G

 

        # optimize downloading files larger than 1G - refer to nginx doc before adjusting

        #proxy_max_temp_file_size 2G

 

        ssl on;

        ssl_certificate      /usr/local/nginx/conf/crabdave.crt;

        ssl_certificate_key  /usr/local/nginx/conf/crabdave_nopass.key;

 

        location / {

            proxy_pass http://127.0.0.1:8081/nexus/;

            proxy_set_header Host $host;

            proxy_set_header X-Real-IP $remote_addr;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header X-Forwarded-Proto "https";

        }

 

 

参考：http://www.linuxidc.com/Linux/2013-08/88271.htm