Skip to content

Instantly share code, notes, and snippets.

@bydmm

bydmm/cer.md

Last active December 9, 2016 06:26
Show Gist options
  • Save bydmm/0891ac19dd3ee6001525b60717f14637 to your computer and use it in GitHub Desktop.
Save bydmm/0891ac19dd3ee6001525b60717f14637 to your computer and use it in GitHub Desktop.
Download ZIP
SSL证书创建攻略
Raw
cer.md

在本机创建钥匙和对应的证书,私钥还在就跳过这一步。

openssl genrsa -out pathsource.com.key 2048
openssl req -new -key pathsource.com.key -out pathsource.com.csr
  1. 把pathsource.com.csr上传到godaddy,然后下载生成后的证书
  2. 拼接出完整的证书链
    1. 最前面是godaddy下载到的数字文件名的内容
    2. 中间是pathsource.com.csr
    3. 最后是gd_bundle-g2-g1.crt的内容作为补充
  3. 配置nginx
server {
  server_name xxx.xxx.com;
  ...
  ssl                  on;
  ssl_certificate      'combined.crt';
  ssl_certificate_key  'pathsource.com.key';

  ssl_session_timeout  5m;
  ssl_protocols  SSLv2 SSLv3 TLSv1;
  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;
}

事实上服务器上的文件保存了所有的必要信息,所以即使文件丢了还可以从pathsource.com.key和combined.crt里面找到需要的信息。具体方法请查看上面的步骤

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment