Nginx configuration file needs to be configured

I have generated the certificates shown below:

Root-CA  ->  Intermediate-CA  ->  Server

Root-CA:
rootca.key
rootca.crt
rootca.crl

Intermediate-CA:
intermediateca.key
intermediateca.crt
intermediateca.crl

Server:
server.key
server.crt

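Here the Root-CA is a self-signed certificate.

Then the Intermediate-CA is signed by the Root-CA, and the Server is signed by the Intermediate-CA.

All of the above files are in the confs folder.

Nginx configuration: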

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name www.example.com;

        ssl_certificate  /home/user/confs/?;
        ssl_certificate_key /home/user/confs/?;

        ssl_ocsp on;
        ssl_verify_client on;
        ssl_verify_depth 2;
        ssl_client_certificate /home/user/confs/?;
        ssl_crl /home/user/confs/?;

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /home/user/confs/?;
}

Which files go in place of the ? marks? Can someone help me configure Nginx? Thank you for your time.

Answer 1

Try:

server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name www.example.com;

        ssl_certificate  /home/user/confs/server_chain.crt;
        ssl_certificate_key /home/user/confs/server.key;

        ssl_ocsp on;
        ssl_verify_client on;
        ssl_verify_depth 2;
        ssl_client_certificate /home/user/confs/rootca.crt;
        ssl_crl /home/user/confs/intermediateca.crl;

        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /home/user/confs/rootca.crt;
}

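Where server_chain.pem is the concatenation of server.crt and intermediateca.crt (server at the top of the file).

ssl_client_certificate and ssl_trusted_certificate are mutually exclusive. More information here

ssl_crl is intermediateca.crl, assuming this intermediate CA is the one issuing the client certificates.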
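
The bundle order described in the answer can be checked with openssl before nginx is reloaded. This is an added example, not part of the original answer: it builds a throwaway Root-CA -> Intermediate-CA -> Server chain (constructed test data), concatenates the bundle with the server certificate first, and checks it. The helper names (new_cert, make_pki, first_cert_matches_key, chain_verifies) and the pki.cnf file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread: a throwaway PKI (constructed test data)
# named like the question's files, used to check the ssl_certificate bundle.
set -eu

# new_cert DIR NAME SIGNER [x509 options]; SIGNER "self" makes a self-signed cert.
new_cert() {
    d=$1 name=$2 signer=$3; shift 3
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=$name" \
        -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null
    if [ "$signer" = self ]; then
        set -- -signkey "$d/$name.key" "$@"
    else
        set -- -CA "$d/$signer.crt" -CAkey "$d/$signer.key" "$@"
    fi
    openssl x509 -req -in "$d/$name.csr" -days 1 -set_serial 1 \
        -out "$d/$name.crt" "$@" 2>/dev/null
}

# Root-CA -> Intermediate-CA -> Server, as in the question.
make_pki() {
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        'commonName = Common Name' '[ca]' \
        'basicConstraints = critical,CA:TRUE' > "$1/pki.cnf"
    new_cert "$1" rootca self -extfile "$1/pki.cnf" -extensions ca
    new_cert "$1" intermediateca rootca -extfile "$1/pki.cnf" -extensions ca
    new_cert "$1" server intermediateca
}

# nginx pairs ssl_certificate_key with the FIRST certificate in the bundle,
# so that certificate's public key must equal the key's public half.
first_cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Build a path from the bundle's first certificate to the root, using only the
# certificates inside the bundle as intermediates (what a TLS client receives).
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"
cat "$work/server.crt" "$work/intermediateca.crt" > "$work/server_chain.crt"
first_cert_matches_key "$work/server_chain.crt" "$work/server.key" && echo "leaf first: ok"
chain_verifies "$work/rootca.crt" "$work/server_chain.crt" && echo "chain to root: ok"
```

A bundle with the intermediate on top fails the first check, and a bundle that leaves the intermediate out fails the second.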
