SSL密鑰對生成

◆進入nginx的conf目錄下，把密鑰對放到conf目錄下

[root@wjh-01 ~]# cd /usr/local/nginx/conf/

◆看有沒有openssl命令，沒有要裝那個包

[root@wjh-01 ~]# rpm -qf `which openssl`

openssl-1.0.1e-60.el7_3.1.x86_64

◆用openssl命令生成一個rsa格式名字是tmp.key長度是2048的私鑰

[root@wjh-01 ~]# openssl genrsa -des3 -out tmp.key 2048

Generating RSA private key, 2048 bit long modulus

........+++

.................................+++

e is 65537 (0x10001)

Enter pass phrase for tmp.key: #輸入私鑰的密碼

Verifying - Enter pass phrase for tmp.key: #再次輸入一次

◆把剛纔生成有密碼的私鑰轉換成沒有密碼的私鑰

[root@wjh-01 ~]# openssl rsa -in tmp.key -out wjh.key

Enter pass phrase for tmp.key: #輸入要轉換私鑰的密碼

writing RSA key

◆tmp.key 和 wjh.key都是私鑰，把tmp.key刪除

[root@wjh-01 ~]# rm -rf tmp.key

◆生成證書請求文件，須要拿這個文件和私鑰一塊兒生產公鑰文件

[root@wjh-01 ~]# openssl req -new -key wjh.key -out wjh.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:11

State or Province Name (full name) []:wang

Locality Name (eg, city) [Default City]:beijing

Organization Name (eg, company) [Default Company Ltd]:wang

Organizational Unit Name (eg, section) []:wang

Common Name (eg, your name or your server's hostname) []:wjh

Email Address []:wjh@qq.com

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:111111

An optional company name []:11^H^H^H

◆產生公鑰

[root@wjh-01 ~]# openssl x509 -req -days 365 -in wjh.csr -signkey wjh.key -out wjh.crt

Signature ok

subject=/C=11/ST=wang/L=beijing/O=wang/OU=wang/CN=wjh/emailAddress=wjh@qq.com

Getting Private key

◆產生的三個文件