Openssl 生成SSL请求。
十一月 7th, 2010 | 
Author: 哎,域名在国内真不好过。有一个域名在新网。然后我的DNS Server是用的海外的He.net提供的DNS Server.本来一直都是用的好好的。突然近段时间发现域名的NS变回ns.dns.com.cn了。我靠。这太过分了啥。 正好namecheap在搞域名送100%free的域名SSL。SO,决定转移过去。
—————–
1.生成SSL 请求(SCR)
执行
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out myserver.csr
You will now be asked to enter details to be entered into your CSR.
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]: GB (国家)
State or Province Name (full name) [Some-State]: Yorks (省份)
Locality Name (eg, city) []: York (城市)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd (公司名称)
Organizational Unit Name (eg, section) []: (所在部门)
Common Name (eg, YOUR name) []: www.5hml.com (应用SSL证书的网址,不要搞错了)
Email Address []: (电子邮件,可不填)
Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password []: (免得搞这么复杂,不要填了)
An optional company name []: (免得搞这么复杂,不要填了)
生成两个文件,一个是myserver.key是私钥,一个就是CSR,
打开CSR文件
nano myserver.csr
把内容拷贝下来,在namecheap.com的相关功能页面上提交CSR的内容,提交完CSR后,namecheap会发邮件要求确认,查收邮件后,点邮件
上的连接,点我同意的按纽。
然后就是等待了……………………
几分钟后。邮件会寄到你的邮箱
第一封是没有用的
第二封里面的附件里有你申请的SSL证书。
ZIP里面包含一下文件:
第二步:修改nginx的配置
server
{
listen 80;
listen 443;
ssl on;
ssl_certificate /var/www/sslkey/www_5hml_com.crt;
ssl_certificate_key /var/www/sslkey/5hml.key;
server_name www.5hml.com 5hml.com 5hml.ghitr.com;
index index.html index.htm index.php default.html default.htm default.php;
……………………………
然后保存。重启nginx
Posted in 
Tags: 
I just added your blog site to my blogroll, I pray you would give some thought to doing the same.
[回复]
I just added your blog site to my blogroll, I pray you would give some thought to doing the same.
[回复]