
HTTPS self-signed certificate

Date: 2023-02-22 10:48:49
Tags: key rootCA certificate nginx html signing https mycert root

Create the rootCA certificate

cd ~ && mkdir mycert
cd mycert
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

Configure v3.ext

cat >v3.ext<<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = test.com
DNS.2 = *.test.com
EOF

Sign

openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout mydomain.key
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out mydomain.crt -days 36500 -sha256 -extfile v3.ext

nginx configuration file

# cat https.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name  test.com;

    ssl_certificate /root/mycert/mydomain.crt;
    ssl_certificate_key /root/mycert/mydomain.key;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

}

Start the nginx container

docker run -it --rm -v /root/mycert:/root/mycert -v /root/mycert/https.conf:/etc/nginx/conf.d/https.conf -p 80:80 -p 443:443 --name nginx nginx:alpine

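Import the certificate

  1. Rename the rootCA.pem file to rootCA.crt
  2. Double-click it to install the certificate, importing it into Trusted Root Certification Authorities
  3. Restart the browser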
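
The files produced by the signing step can be checked before nginx and the browser are involved. The script below is an added example, not part of the original post: its function names are made up for illustration, the file names are the ones used above, and it assumes OpenSSL 1.0.2 or later (for -checkhost and -attime). chain_ok_in_days shows that the chain stops verifying once the root's 1024 days run out, although the leaf was issued for 36500 days.

```shell
#!/bin/sh
# Added example: sanity checks for rootCA.pem, mydomain.crt and mydomain.key.
# Function names are illustrative; file names follow the steps above.

# Leaf chains to the root CA. Match on ": OK" so that old openssl
# releases, which exit 0 even on failure, are handled as well.
chain_ok() {  # chain_ok ROOT CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Private key belongs to the certificate: compare the two public keys.
key_matches() {  # key_matches CERT KEY
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Hostname is covered by a subjectAltName DNS entry.
host_ok() {  # host_ok CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Will the chain still verify DAYS from now? openssl checks the validity
# period of every certificate in the chain, the root included.
chain_ok_in_days() {  # chain_ok_in_days ROOT CERT DAYS
    at=$(( $(date +%s) + $3 * 86400 ))
    openssl verify -attime "$at" -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Run the three checks that matter for serving HOSTNAME over TLS.
check_all() {  # check_all ROOT CERT KEY HOSTNAME
    chain_ok "$1" "$2"    || { echo "FAIL: $2 does not chain to $1"; return 1; }
    key_matches "$2" "$3" || { echo "FAIL: $3 is not the key for $2"; return 1; }
    host_ok "$2" "$4"     || { echo "FAIL: $4 is not in subjectAltName"; return 1; }
    echo "OK: $2 is usable for $4"
}

# Usage, from inside ~/mycert:
#   check_all rootCA.pem mydomain.crt mydomain.key test.com
#   chain_ok_in_days rootCA.pem mydomain.crt 2000 || echo "root expires first"
```
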

From: https://www.cnblogs.com/xwjh/p/17143505.html