1.可用openssl生成私鑰和自簽名證書 ?安裝openssl
sudo yum install openssl -y ??
2.生成ssl證書 365天期限
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/nginx-selfsigned.key \
-out /etc/ssl/certs/nginx-selfsigned.crt
3、按照提示編寫信息
Country Name (2 letter code) [XX]: CN ?????# 國家代碼(如 CN)
State or Province Name (full name) []: Beijing ??# 省份
Locality Name (eg, city) []: Beijing ?????# 城市
Organization Name (eg, company) []: AGIL ?# 組織名(可自定義)
Organizational Unit Name (eg, section) []: IT ?# 部門名(可自定義)
Common Name (eg, server FQDN) []: 192.168.xx.xx ?# 服務器IP或本地域名(重要!填寫實際訪問的IP或 `localhost`)
Email Address []: admin@example.com ??????# 郵箱(可留空)
4、檢驗證書和私鑰是否生成
sudo ls -l /etc/ssl/private/nginx-selfsigned.key /etc/ssl/certs/nginx-selfsigned.crt
5、修改nginx配置文件(查看附件)
6,防火墻放行https
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload
7.查看證書有效期
?openssl x509 -in xxx.crt -noout -dates
集合類詳解)
 等待事件(1)-概述)
)
)
)
