windows生成ssl证书，实现本地https访问

下载openssl下载地址https://slproweb.com/products/Win32OpenSSL.html安装openssl配置环境变量将openssl的bin目录配置到path中生成私钥文件openssl genrsa -des3 -out localhost.key 2048去除口令，否则启动nginx时需要密码move server.key localhost.key.bako

qq243920161

9763人浏览 · 2021-08-28 09:11:03

qq243920161 · 2021-08-28 09:11:03 发布

下载openssl

下载地址 Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions

安装openssl

配置环境变量

将openssl的bin目录配置到path中

生成私钥文件

openssl genrsa -des3 -out localhost.key 2048

去除口令，否则启动nginx时需要密码

openssl rsa -in localhost.key -out localhost.key

创建请求证书

openssl req -new -key localhost.key -out localhost.csr

生成证书

openssl x509 -req -days 36500 -in localhost.csr -signkey localhost.key -out localhost.crt

将crt和key文件复制到nginx目录下/conf/cert

修改nginx.conf文件

插入以下代码

# https默认端口是443
server {
    listen 443 ssl;
    server_name localhost;

    # 证书路径
    ssl_certificate cert/localhost.crt;
    ssl_certificate_key cert/localhost.key;

    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
        # 代理地址，就是实际要访问的地址
    	proxy_pass http://127.0.0.1:8080;
    }
}

# 将http://localhost重定向到https://localhost
server {
    listen 80;
    listen [::]:80;
    server_name localhost;
    return 301 https://localhost$request_uri;
}

注意，server标签需要在http标签下