配置OpenResty支持SSL（不受信任的證書）

#關閉防火牆
chkconfig iptables off
service iptables stop

#關閉SELINUX
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0 


#上傳openresty_auto_install到 /usr/local/software
mkdir /usr/local/software

cd  /usr/local/software/openresty_auto_install


#更新包
yum update -y
yum install -y ghostscript unzip wget gcc gcc-c++ cmake make gcc-g77 autoconf automake zlib* fiex* libxml* ncurses-devel libmcrypt* libtool-ltdl-devel* make cmake perl bison ntpdate readline-devel pcre-devel openssl-devel tcl perl make g++ libtool autoconf automake imake mysql-devel libxml2-devel expat-devel

#調對時鐘
ntpdate stdtime.gov.hk
ntpdate cn.pool.ntp.org


tar zxvf ngx_openresty-1.7.7.1.tar.gz
cd ngx_openresty-1.7.7.1
./configure --prefix=/usr/local/openresty --with-http_stub_status_module --with-http_gzip_static_module --with-luajit --with-http_ssl_module

make && make install

\cp  /usr/local/software/openresty_auto_install/nginx /etc/rc.d/init.d/nginx
chmod 777 /etc/rc.d/init.d/nginx
chkconfig nginx on


#配置conf
vi /usr/local/openresty/nginx/conf/nginx.conf

server {

 listen 443;
 ssl on;
 ssl_certificate /usr/local/openresty/nginx/conf/server.crt;
 ssl_certificate_key /usr/local/openresty/nginx/conf/server_nopwd.key;
}

#cd到目錄
cd /usr/local/openresty/nginx/conf

cd到目錄

#cd /usr/local/nginx/conf


建立服務器私鑰
openssl genrsa -des3 -out server.key 1024


簽名請求的證書
openssl req -new -key server.key -out server.csr

注意此步驟過程當中須要填寫一系列的東西（公司名稱、所在地等按照實際狀況填）
尤爲注意 your server' hostname的填寫，若是沒有域名就直接填ip，若是有域名就填域名（都不須要端口號）

例如：

直接填ip：  61.155.86.78

域名： api.trewanyg.com

模糊域名：  * .trewanyg.com


製做解密後的私鑰
openssl rsa -in server.key -out server_nopwd.key
openssl x509 -req -days 3650 -in server.csr -signkey server_nopwd.key -out server.crt


拷貝證書文件

cp /usr/local/openresty/nginx/conf/server.crt /usr/local/openresty/nginx/html/


進入nginx的sbin目錄，啓動nginx
service nginx restart

進入nginx主頁查看
https://10.10.6.213

 http://www.cnblogs.com/yun007/p/3739182.html