当前位置：首页 > news >正文

wordpress跳转页面插件/专业seo优化推广

news 2025/8/20 3:23:15

wordpress跳转页面插件,专业seo优化推广,建站网址大全,网站运营技巧实现SSL的NGINX的详细配置过程1、建立 CA1.1 创建私钥1.2 生成自签证书2、Nginx 服务器申请证书2.1 创建私钥2.2 生成自签证书2.3 可靠方式把自签证书传输给CA服务器进行签署2.4 CA服务器上进行Nginx传输的自签证书查看2.5 CA服务器上进行Nginx传输的自签证书签署2.6 CA服务器上…

实现SSL的NGINX的详细配置过程

1、建立 CA
- 1.1 创建私钥
- 1.2 生成自签证书
2、Nginx 服务器申请证书
- 2.1 创建私钥
- 2.2 生成自签证书
- 2.3 可靠方式把自签证书传输给CA服务器进行签署
- 2.4 CA服务器上进行Nginx传输的自签证书查看
- 2.5 CA服务器上进行Nginx传输的自签证书签署
- 2.6 CA服务器上进行签署证书的查看
- 2.7 把签署的证书返回至Nginx服务器
- 2.8 在Nginx服务器上进行查看
3、Nginx 服务器的 ssl 配置
4、进行客户端访问
- 4.1 未在浏览器里进行证书导入时进行访问
- 4.2 在浏览器里进行证书导入

1、建立 CA

1.1 创建私钥

[root@neo ~]# cd /etc/pki/CA/
[root@neo CA]# ll
total 0
drwxr-xr-x. 2 root root 40 Jul 19 22:12 certs
drwxr-xr-x. 2 root root  6 Oct 30  2018 crl
drwxr-xr-x. 2 root root  6 Oct 30  2018 newcerts
drwx------. 2 root root  6 Oct 30  2018 private
[root@neo CA]# (umask 077;openssl genrsa -out private/cakey.pem 2048)
Generating RSA private key, 2048 bit long modulus
...+++
......+++
e is 65537 (0x10001)
[root@neo CA]# ll private/
total 4
-rw-------. 1 root root 1679 Sep 15 09:29 cakey.pem

1.2 生成自签证书

[root@neo CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN 
State or Province Name (full name) []:BEIJING 
Locality Name (eg, city) [Default City]:BEIJING
Organization Name (eg, company) [Default Company Ltd]:NEOTANG   
Organizational Unit Name (eg, section) []:NEO
Common Name (eg, your name or your server's hostname) []:NEOTANG                  
Email Address []:neo@tang.com
[root@neo CA]# ll
total 4
-rw-r--r--. 1 root root 1391 Sep 15 09:38 cacert.pem
drwxr-xr-x. 2 root root   40 Jul 19 22:12 certs
drwxr-xr-x. 2 root root    6 Oct 30  2018 crl
drwxr-xr-x. 2 root root    6 Oct 30  2018 newcerts
drwx------. 2 root root   23 Sep 15 09:29 private
[root@neo CA]# touch index.txt
[root@neo CA]# echo 01 > serial
[root@neo CA]# ll
total 8
-rw-r--r--. 1 root root 1391 Sep 15 09:38 cacert.pem
drwxr-xr-x. 2 root root   40 Jul 19 22:12 certs
drwxr-xr-x. 2 root root    6 Oct 30  2018 crl
-rw-r--r--. 1 root root    0 Sep 15 09:55 index.txt
drwxr-xr-x. 2 root root    6 Oct 30  2018 newcerts
drwx------. 2 root root   23 Sep 15 09:29 private
-rw-r--r--. 1 root root    3 Sep 15 09:55 serial

2、Nginx 服务器申请证书

2.1 创建私钥

[root@Neo_Tang ~]# mkdir /etc/nginx/ssl
[root@Neo_Tang ~]# cd /etc/nginx/ssl/
[root@Neo_Tang ssl]# ll
total 0
[root@Neo_Tang ssl]# (umask 077;openssl genrsa -out nginx.key 2048)
Generating RSA private key, 2048 bit long modulus
.....+++
............+++
e is 65537 (0x10001)
[root@Neo_Tang ssl]# ll
total 4
-rw-------. 1 root root 1679 Sep 15 09:44 nginx.key

2.2 生成自签证书

[root@Neo_Tang ssl]# openssl req -new -key nginx.key -out nginx.csr 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BEIJING
Locality Name (eg, city) [Default City]:BEIJING
Organization Name (eg, company) [Default Company Ltd]:NEOTANG
Organizational Unit Name (eg, section) []:NEO
Common Name (eg, your name or your server's hostname) []:NEOTANG
Email Address []:neo@tang.comPlease enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:root
An optional company name []:root
[root@Neo_Tang ssl]# ll
total 8
-rw-r--r--. 1 root root 1094 Sep 15 09:48 nginx.csr
-rw-------. 1 root root 1679 Sep 15 09:44 nginx.key

2.3 可靠方式把自签证书传输给CA服务器进行签署

[root@Neo_Tang ssl]# scp nginx.csr root@192.168.1.10:/home/
The authenticity of host '192.168.1.10 (192.168.1.10)' can't be established.
ECDSA key fingerprint is SHA256:jiD9xP+ayA5wt4WMwKiXa9eVX7JAZF3MopajfwqB/50.
ECDSA key fingerprint is MD5:81:14:e6:5f:27:83:a0:8b:c2:88:35:a3:5b:0d:ae:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.10' (ECDSA) to the list of known hosts.
root@192.168.1.10's password: 
nginx.csr                                                                                    100% 1094   833.9KB/s   00:00

2.4 CA服务器上进行Nginx传输的自签证书查看

[root@neo ~]# cd /home/
[root@neo home]# ll
total 4
-rw-r--r--. 1 root   root   1094 Sep 15 09:50 nginx.csr
drwx------. 2 user21 user21   62 Jul 13 21:40 user21
drwx------. 2 user22 user22   62 Jul 13 21:40 user22
drwx------. 2 user33 user33   62 Jul 13 21:40 user33

2.5 CA服务器上进行Nginx传输的自签证书签署

[root@neo CA]# openssl ca -in /home/nginx.csr -out /etc/pki/CA/certs/nginx.crt -days 365
Using configuration from /etc/pki/tls/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:Serial Number: 1 (0x1)ValidityNot Before: Sep 15 14:06:20 2019 GMTNot After : Sep 14 14:06:20 2020 GMTSubject:countryName               = CNstateOrProvinceName       = BEIJINGorganizationName          = NEOTANGorganizationalUnitName    = NEOcommonName                = NEOTANGemailAddress              = neo@tang.comX509v3 extensions:X509v3 Basic Constraints: CA:FALSENetscape Comment: OpenSSL Generated CertificateX509v3 Subject Key Identifier: A1:F3:83:BD:DB:1A:C9:9A:6C:A2:7D:CB:BB:19:C6:BD:7F:E8:5A:D1X509v3 Authority Key Identifier: keyid:9A:FC:2D:15:80:74:46:1E:65:1B:96:68:81:97:55:A2:16:FD:0B:30Certificate is to be certified until Sep 14 14:06:20 2020 GMT (365 days)
Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

2.6 CA服务器上进行签署证书的查看

[root@neo CA]# ll certs/        # 生成的签署证书，以本地签署证书记录是一致的
total 20
-rw-r--r--. 1 root root 4564 Sep 15 10:08 nginx.crt
[root@neo CA]# ll newcerts/    # 本地签署证书记录
total 8
-rw-r--r--. 1 root root 4564 Sep 15 10:08 01.pem

2.7 把签署的证书返回至Nginx服务器

[root@neo CA]# scp certs/nginx.crt root@192.168.1.11:/etc/nginx/ssl
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
ECDSA key fingerprint is SHA256:w3Z1C0VkdwuTmI4dHq9ueZoVz6d0plXnO/K+C9I3pts.
ECDSA key fingerprint is MD5:7b:fb:6d:81:82:f1:1d:51:99:81:ea:d8:c7:e1:a1:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.11' (ECDSA) to the list of known hosts.
root@192.168.1.11's password: 
nginx.crt

2.8 在Nginx服务器上进行查看

[root@Neo_Tang ssl]# ll
total 16
-rw-r--r--. 1 root root 4564 Sep 15 10:15 nginx.crt
-rw-r--r--. 1 root root 1094 Sep 15 09:48 nginx.csr
-rw-------. 1 root root 1679 Sep 15 09:44 nginx.key

3、Nginx 服务器的 ssl 配置

[root@Neo_Tang conf.d]# cat neo.conf 
server {listen 443 ssl;server_name localhost;root /data/nginx/neo/;index index.html;access_log /var/log/nginx/neo_ssl_access.log main;ssl on;ssl_certificate /etc/nginx/ssl/nginx.crt;ssl_certificate_key /etc/nginx/ssl/nginx.key;ssl_protocols SSLV3 TLSV1 TLSV1.1 TLSV1.2;ssl_session_cache shared:SSL:10m;            # 优化配置，可以缓存40000个会话的缓存location / {allow all;}
}