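1. Concatenate the CA bundle and the domain certificate
Command:
    cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt
If you are using Notepad or another text editor:
a. Open the CA bundle and the domain certificate separately, for example domainname.crt and domainname.ca-bundle
b. Copy the contents of domainname.crt and paste them above the contents of domainname.ca-bundle
c. Save the modified file as ssl-bundle.crt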
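2. Copy the crt file to the nginx server
For example:
    mkdir -p /etc/nginx/ssl/example_com/
    cp ssl-bundle.crt /etc/nginx/ssl/example_com/
3. Copy the private key file to the nginx server
For example:
    mv example_com.key /etc/nginx/ssl/example_com/
4. Configure nginx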
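For example:
    server {
        # "listen 443 ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name domainname.com;
        # Point these at the locations where the bundle and key were actually placed
        ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
        ssl_certificate_key /etc/ssl/private/domainname.key;
        ssl_prefer_server_ciphers on;
    }
5. Restart nginx
    /etc/init.d/nginx configtest
    /etc/init.d/nginx reload
Configuration example: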
    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
        ssl_certificate /path/to/signed_cert_plus_root_plus_intermediates;
        ssl_certificate_key /path/to/private_key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;

        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam /path/to/dhparam.pem;

        # intermediate configuration.
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients must be supported
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
        ssl_prefer_server_ciphers on;

        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;

        # OCSP Stapling ---
        # fetch OCSP records from URL in ssl_certificate and cache them
        ssl_stapling on;
        ssl_stapling_verify on;

        ## verify chain of trust of OCSP response using Root CA and Intermediate certs
        ssl_trusted_certificate /path/to/root_ca_cert_plus_root_plus_intermediates;

        # placeholder: set to the address of your DNS resolver
        resolver <IP DNS resolver>;

        ....
    }
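The checks below are an added example, not part of the original page: they build the ssl-bundle.crt of step 1 without fusing PEM markers when a file lacks a trailing newline, and confirm before the reload in step 5 that the private key belongs to the first certificate in the bundle. The function names and the script name check_bundle.sh are hypothetical, and the key check assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original page): checks for step 1's ssl-bundle.crt.

# Concatenate domain cert + CA bundle, adding a newline after a file that lacks
# one, so "-----END CERTIFICATE-----" never fuses with the next "-----BEGIN".
make_bundle() {  # usage: make_bundle domain.crt domain.ca-bundle out.crt
    for f in "$1" "$2"; do
        cat "$f" || return 1
        [ -z "$(tail -c 1 "$f")" ] || echo
    done > "$3"
}

# Print the certificate count if every PEM marker is alone on its line and
# BEGIN/END alternate; return non-zero for a malformed or empty bundle.
count_certs() {  # usage: count_certs bundle.crt
    awk '
        { sub(/\r$/, "") }
        /-----(BEGIN|END) CERTIFICATE-----/ {
            if ($0 == "-----BEGIN CERTIFICATE-----" && !inside) { inside = 1; next }
            if ($0 == "-----END CERTIFICATE-----" && inside) { inside = 0; n++; next }
            bad = 1
        }
        END { if (bad || inside || n == 0) exit 1; print n }
    ' "$1"
}

# Succeed only if the private key belongs to the FIRST certificate in the
# bundle, i.e. the domain certificate sits above the CA certificates.
key_matches_bundle() {  # usage: key_matches_bundle domain.key bundle.crt
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_bundle.sh domain.crt domain.ca-bundle domain.key
if [ "$#" -eq 3 ]; then
    make_bundle "$1" "$2" ssl-bundle.crt &&
        n=$(count_certs ssl-bundle.crt) && echo "certificates in bundle: $n" &&
        key_matches_bundle "$3" ssl-bundle.crt &&
        echo "private key matches the domain certificate"
else  # No arguments: demo on a constructed stand-in file with no trailing newline.
    d=$(mktemp -d)
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'QUJD' '-----END CERTIFICATE-----' > "$d/a.crt"
    cat "$d/a.crt" "$d/a.crt" > "$d/fused.crt"
    make_bundle "$d/a.crt" "$d/a.crt" "$d/ok.crt"
    count_certs "$d/fused.crt" || echo "plain cat: fused PEM markers, bundle rejected"
    echo "make_bundle: $(count_certs "$d/ok.crt") certificates"
    rm -rf "$d"
fi
```

A bundle that fails key_matches_bundle usually has the CA certificates pasted above the domain certificate, the reverse of step 1b.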