{"id":16,"date":"2015-03-11T22:08:59","date_gmt":"2015-03-11T14:08:59","guid":{"rendered":"http:\/\/www.q25.net\/?p=16"},"modified":"2015-07-26T00:00:58","modified_gmt":"2015-07-25T16:00:58","slug":"%e8%87%aa%e5%b7%b1%e5%88%b6%e4%bd%9cnginx-ssl%e4%b8%bb%e6%9c%ba%e4%bd%bf%e7%94%a8%e7%9a%84%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"http:\/\/www.q25.net\/?p=16","title":{"rendered":"\u81ea\u5df1\u5236\u4f5cnginx SSL\u4e3b\u673a\u4f7f\u7528\u7684\u8bc1\u4e66"},"content":{"rendered":"<p>  \u9996\u5148\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u751f\u6210\u4e00\u4e2akey<br \/>\n  openssl genrsa -des3 -out ssl.key 2048<br \/>\n  \u7136\u540e\u4ed6\u4f1a\u8981\u6c42\u4f60\u8f93\u5165\u8fd9\u4e2akey\u6587\u4ef6\u7684\u5bc6\u7801\u3002\u56e0\u4e3a\u4ee5\u540e\u8981\u7ed9nginx\u4f7f\u7528\u3002\u6bcf\u6b21reload nginx\u914d\u7f6e\u65f6\u5019\u90fd\u8981\u4f60\u9a8c\u8bc1\u8fd9\u4e2aPAM\u5bc6\u7801\u7684\u3002<br \/>\n  \u7531\u4e8e\u751f\u6210\u65f6\u5019\u5fc5\u987b\u8f93\u5165\u5bc6\u7801\u3002\u4f60\u53ef\u4ee5\u8f93\u5165\u540e \u518d\u5220\u6389\u3002<br \/>\n  openssl rsa -in ssl.key -out ssl.key<\/p>\n<p>   \u7136\u540e\u6839\u636e\u8fd9\u4e2akey\u6587\u4ef6\u751f\u6210\u8bc1\u4e66\u8bf7\u6c42\u6587\u4ef6<br \/>\n   openssl req -new -key ssl.key -out ssl.csr<br \/>\n   \u4ee5\u4e0a\u547d\u4ee4\u751f\u6210\u65f6\u5019\u8981\u586b\u5f88\u591a\u4e1c\u897f \u4e00\u4e2a\u4e2a\u770b\u7740\u5199\u5427\uff08\u53ef\u4ee5\u968f\u4fbf\uff0c\u6bd5\u7adf\u8fd9\u662f\u81ea\u5df1\u751f\u6210\u7684\u8bc1\u4e66\uff09<\/p>\n<p>    \u6700\u540e\u6839\u636e\u8fd92\u4e2a\u6587\u4ef6\u751f\u6210crt\u8bc1\u4e66\u6587\u4ef6<br \/>\n   openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt<\/p>\n<p>    \u5982\u679c\u9700\u8981\u7528pfx \u53ef\u4ee5\u7528\u4ee5\u4e0b\u547d\u4ee4\u751f\u6210<br \/>\n    openssl pkcs12 -export -inkey ssl.key -in ssl.crt -out ssl.pfx<\/p>\n<p>    \u5728\u9700\u8981\u4f7f\u7528\u8bc1\u4e66\u7684nginx\u914d\u7f6e\u6587\u4ef6\u7684server\u8282\u70b9\u91cc\u52a0\u5165\u4ee5\u4e0b\u914d\u7f6e\u5c31\u53ef\u4ee5\u4e86\u3002<br \/>\n   ssl on;<br \/>\n   ssl_certificate \/home\/ssl.crt;<br \/>\n   ssl_certificate_key \/home\/ssl.key;<br \/>\n   ssl_session_timeout 5m;<br \/>\n   ssl_protocols   SSLv3 TLSv1 TLSv1.1 TLSv1.2 SSLv2;<br \/>\n   ssl_ciphers     AES128+EECDH:AES128+EDH:!aNULLi:AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;<br \/>\n   ssl_prefer_server_ciphers on;<br \/>\n    \u7136\u540e\u91cd\u542fnginx\u5c31\u5927\u529f\u544a\u6210\u4e86<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9996\u5148\u6267\u884c\u5982\u4e0b\u547d\u4ee4\u751f\u6210\u4e00\u4e2akey open&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/posts\/16"}],"collection":[{"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.q25.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16"}],"version-history":[{"count":2,"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/posts\/16\/revisions"}],"predecessor-version":[{"id":33,"href":"http:\/\/www.q25.net\/index.php?rest_route=\/wp\/v2\/posts\/16\/revisions\/33"}],"wp:attachment":[{"href":"http:\/\/www.q25.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.q25.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.q25.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}