生成ssl证书 - 技术

1. Generate private key and certificate signing request

openssl genrsa -out server.pass.key 2048
openssl rsa -in server.pass.key -out server.key

rm server.pass.key
openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [AU]:CN ← 国家名称，中国输入CN
State or Province Name (full name) [Some-State]:SiChuan ← 省名称，拼音
Locality Name (eg, city) []:SiChuan ← 市名称，拼音
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← 公司英文名
Organizational Unit Name (eg, section) []: ← 可以不填
Common Name (eg, YOUR name) []:Lenin ← 自己的英文名，可以随便填
Email Address []:admin@mycompany.com ← 电子邮箱，可以随便填

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []: ← 可以不填
An optional company name []: ← 可以不填

Note: when the openssl req command asks for a “challenge password”, just press return, leaving the password empty.

2. Generate SSL certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

3、Apache配置

<VirtualHost *:443> ServerAdmin zentao@local.net DocumentRoot "/opt/zbox/app/zentaoep/www/" ServerName pms.srcnet.cn SSLEngine On SSLCertificateFile /opt/zbox/etc/apache/ssl/server.crt SSLCertificateKeyFile /opt/zbox/etc/apache/ssl/server.key <Directory "/opt/zbox/app/zentaoep/www"> AllowOverride all Require all granted </Directory> ErrorLog "/opt/zbox/logs/apache_error_log" CustomLog "/opt/zbox/logs/apache_access_log" combind </VirtualHost>
4、Nginx配置

ssl on; ssl_certificate /opt/zbox/etc/apache/ssl/server.crt; ssl_certificate_key /opt/zbox/etc/apache/ssl/server.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on;