本文共 2099 字,大约阅读时间需要 6 分钟。
在网页上输出 phpinfo()
<= phpinfo() >
搜索OpenSSL support选项,如果为enabled,表示支持。
keyread为网站名称,可以按你的来写
生成需要密码的私钥,过程中会让你输入密码,用于保护sslkey openssl genrsa -des3 -out keyread.private.pem 2048
生成不需要密码保护的私钥
sslkey openssl genrsa -out keyread.private.pem 2048
这样在目录下会有一个keyread.private.pem文件
sslkey openssl req -new -key keyread.pem -out keyread.cert.csr
在生成的过程中会让你填入国名, 城市名等信息
You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:cnState or Province Name (full name) [Some-State]:GuangDongLocality Name (eg, city) []:GuangzhouOrganization Name (eg, company) [Internet Widgits Pty Ltd]:KeyreadOrganizational Unit Name (eg, section) []:KeyreadCommon Name (e.g. server FQDN or YOUR name) []:KeyreadEmail Address []:alex_my@126.com
这样在目录下会有一个keyread.cert.csr文件,可以拿着这个文件到第三方认证机构生成最终的证书。
自己认证自己的证书,而不是交钱给第三方。
openssl req -new -x509 -key keyread.private.pem -out keyread.debug.pem -days 365
这里用到了密钥keyread.private.pem
这里使用的是nginx。
server { charset utf-8; client_max_body_size 128M; listen 443 ssl; ssl on; ssl_certificate /Users/alex/WWW/sslkey/keyread.debug.pem; ssl_certificate_key /Users/alex/WWW/sslkey/keyread.private.pem; server_name keyread.xyz; root '/Users/alex/WWW/keyread/web/'; index index.php; access_log /Users/alex/WWW/logs/keyread.com/access.log; error_log /Users/alex/WWW/logs/keyread.com/error.log; location / { # Redirect everything that isn't a real file to index.php try_files $uri $uri/ /index.php$is_args$args; } location ~ \.php$ { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass 127.0.0.1:9000; try_files $uri =404; } location ~ /\.(ht|svn|git) { deny all; }} 转载地址:http://ropox.baihongyu.com/