https ssl证书申请和部署流程

1.申请免费的StartSSL证书http://www.itbulu.com/startssl.html

2.获取startssl官方的根证书

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
#合并两个证书 cat ca.pem sub.class1.server.ca.pem >> www.wwjie.cn.crt

3.配置通过openssl安装导入,避免nginx启动时输入密码

openssl rsa -in ssl.key -out /etc/nginx/conf.d/ssl/ssl_ca.key

2.配置nginx加载证书

listen       443;
ssl    on;
ssl_certificate    /usr/local/nginx/conf/www.wwjie.cn.crt;   #你从StartSSL下载证书放的路径
ssl_certificate_key     /usr/local/nginx/conf/ssl_ca.key;  #openssl生成key路径
ssl_session_timeout 5m;

强制https

server {  
    listen  80;  
    server_name www.wwjie.com wwjie.cn;  
    rewrite ^(.*)https://host$1 permanent;  
}

 

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注