nginx和ssl证书

时间:2013-07-09 09:02:56

标签: ssl nginx certificate ssl-certificate

我想在Nginx下提供我网站的ssl支持。
首先,我尝试使用自签名证书,但正如您所知浏览器抱怨

  

此连接不受信任

其次,我尝试从知名证书颁发机构(symantec.com)订购免费证书。但它给我发了一份证书:

  

----- BEGIN CERTIFICATE ----- MIIFhzCCBG + gAwIBAgIQIe7e9lh4GqB0cr9kdPKPbjANBgkqhkiG9w0BAQUFADCB   yzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL   EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xQjBABgNV   BAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3Bz   L3Rlc3RjYSAoYykwOTEtMCsGA1UEAxMkVmVyaVNpZ24gVHJpYWwgU2VjdXJlIFNl   cnZlciBDQSAtIEcyMB4XDTEzMDcwNTAwMDAwMFoXDTEzMDgwNDIzNTk1OVowgasx   CzAJBgNVBAYTAlVBMQ0wCwYDVQQIEwRLeWl2MQ0wCwYDVQQHFARLeWl2MQ0wCwYD   VQQKFARVSUlQMRgwFgYDVQQLFA9zeXN0ZW0gYW5hbHlzaXMxOjA4BgNVBAsUMVRl   cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUx   GTAXBgNVBAMUEGVmaWxpbmcudWlwdi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB   DwAwggEKAoIBAQDOq5JajVn8VEINqH6N61f8BwS3M2U9mIcwGt7Q829f + RaYqcF /   / + 2 + Zzmv72Hismgo6cu5N / ONtEBpJ69zkDjC9vD3IluCSimtu9CyMfG0z + V4tRr8   XxmdMnzSJNs + aBxM + ljODVuYjQ5r2YCsPl / GeVAHn41Qa76m0Efz1 + XgfsmoSxSe   hhwBB7upJ1YvalRRvcGFGmqMQFiy2 + 8G / l3gCAuCgt + qniEoyNnOGWArkMm5pNUN   v0ciaDr8OTzBCx + RvI5sUA2 + iM4mm7Jl7i9oKO6YvcXhpIBOHQDFuGkF5IEoyKAC   1ioBByqN9OT5UicTY25PddE133WU0gN1cBwXAgMBAAGjggGDMIIBfzAbBgNVHREE   FDASghBlZmlsaW5nLnVpcHYub3JnMAkGA1UdEwQCMAAwDgYDVR0PAQH / BAQDAgWg   MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9TVlJUcmlhbC1HMi1jcmwudmVyaXNp   Z24uY29tL1NWUlRyaWFsRzIuY3JsMEoGA1UdIARDMEEwPwYKYIZIAYb4RQEHFTAx   MC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3Rj   YTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUKBcT   ir3WorXcBiy3to7aEGZgbuUwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhho   dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9TVlJU   cmlhbC1HMi1haWEudmVyaXNpZ24uY29tL1NWUlRyaWFsRzIuY2VyMA0GCSqGSIb3   DQEBBQUAA4IBAQC4SQgLwIcrsvrdQlEpP3kQFJMtPBeoYPYouMfT / Fa4VtsL8Vxi   0YqGY8MGXPeESCqEFSciD8ZTaUvbMqaZe / iBPpsyLBpI2 + aeksJBwMYtRLASCzIG   -----结束证书-----

但是Nginx需要是.key和.cer文件。

有关如何让知名CA获得免费证书(.key和.cer文件)的任何建议吗?

2 个答案:

答案 0 :(得分:1)

这是.cer文件,.key是您用来生成此.cer文件的密钥,尝试记住您是如何获得此.cer文件的,您可能在您的设备上生成了一个密钥文件,然后从中创建了一个证书签名请求.csr,然后将其上传以使此证书正确无误?

你应该已经有了密钥文件。

答案 1 :(得分:1)

在Apache或Nginx上写了一篇关于Let的加密TSL / SSL证书(每个人的免费可信ssl证书!)的教程,包括证书的自动续订。 Let`s Encrypt Guide。它非常简单,就像魅力一样!

相关问题
最新问题