SSL证书部署到服务器上的步骤
第一步 准备SSL证书文件
首先,你需要获得一个有效的SSL证书。你可以通过在线平台申请SSL证书,例如在线申请SSL证书。获取SSL证书后,你会得到以下几个文件
server.crt 这是SSL证书本身。
server.key 这是私钥,用于加密和解密数据。
chain.pem(可选) 如果使用了CA证书链,这个文件包含了中间证书。
第二步 配置Nginx服务器
假设你已经有一个运行着Nginx的服务器,以下是配置SSL证书的基本步骤 将SSL证书和相关文件复制到服务器的指定目录下,例如`/etc/nginx/ssl/`。 ```bash mkdir /etc/nginx/ssl/ cserver.crt /etc/nginx/ssl/ cserver.key /etc/nginx/ssl/ cchain.pem /etc/nginx/ssl/chain.pem ``` 编辑Nginx配置文件,通常是`/etc/nginx/sitesavailable/default`或`/etc/nginx/conf.d/yoursite.conf`。 ```nginx server { listen 443 ssl; servername yourdomain.com;sslcertificate /etc/nginx/ssl/server.crt; sslcertificatekey /etc/nginx/ssl/server.key; ssltrustedcertificate /etc/nginx/ssl/chain.pem; 如果有CA证书链
location / { root /var/www/html; index index.html index.htm; } } ``` 重启Nginx以应用新的配置。 ```bash sudo systemctl restart nginx ```
第三步 测试SSL连接
使用工具如`openssl`或在线工具来验证SSL连接是否正常工作。 ```bash openssl sclient connect yourdomain.com:443 ``` 你应该会看到类似这样的输出 ``` depth=1 C = US, O = DigiCert Inc., CN = DigiCert High Assurance EV Root CA verify return:1 SSL connection using TLSv1.2 with cipher ECDHERSAAES256GCMSHA384 (256 bits) Server certificate: subject=CN=yourdomain.com; OU=www.yourdomain.com; OU=Domain Control Validated Low 90 days; O=DigiCert Inc.; C=US start date: Dec 10 00:00:00 2023 expire date: Dec 09 23:59:59 2024 subjectAltName=.yourdomain.com I'm a valid, trusted Certificate Authority No client certificate requested New, TLSv1.2, Cipher is ECDHERSAAES256GCMSHA384 Server public key is 2048 bits Secure Renegotiation Not Supported Compression: None Expansion: None No AL N selected SSLSession: rotocol : TLSv1.2 Cipher : ECDHERSAAES256GCMSHA384 SessionID : SessionIDHash : SHA256 Cache Size : 3072 Verify return code : 20 (unable to verify the first certificate) Extended master secret : yes SK identity hash : 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 SK identity: X509 Compression: None Expansion: None Heartbeat Message Extension: 1 Hello Request sent by client Hello Request received by server Server hello protocol version is 3.3 Clienthello protocol version is 3.3 No compression method available No extension available No supported cipher suite found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found No supported extensions found
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论