我想为我的网站创建一个自签名 SSL 证书。我不会使用它来访问网站本身,而是使用它来访问我将要使用的其他服务(roundcube、phpmyadmin 等)。我想在这些服务中使用 https,因为我将与服务器交换敏感数据。所以我需要我的虚拟主机所需的密钥和证书。
我的问题是生成它的正确方法是什么。我对不同的后缀 crt、pem、key 感到困惑,我在互联网上找到了很多不同的方法。我使用的 Web 服务器是 nginx。
另外密钥可以有多长?可以长于 4096 位吗?
谢谢
答案1
这是一个简单易用的简单示例:)
sudo mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
--
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:
--
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example
sudo nano /etc/nginx/sites-available/example
--
# HTTPS server
server {
listen 443;
server_name example.com;
root /usr/share/nginx/www;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
}