生成crt和private key
openssl req -new -newkey rsa:2048 -nodes -keyout your_domain_name.key -out your_domain_name.csr
打开godaddy把生成的your_domain_name.csr提供给godaddy。godaddy会去生成证书。
下载godaddy证书。两个文件,一个大概叫做85814333f334c3c5d.crt,另一个大概叫做叫做gd_bundle-g2-g1.crt。把两个文件上传到服务器某一目录下。执行如下操作合并两个文件
cat 85814333f334c3c5d.crt gd_bundle-g2-g1.crt >> your_domain_name.cst
打开nginx网站配置文件,加入
listen 443 ssl http2;
ssl on;
ssl_certificate /存储路径/your_domain_name;
ssl_certificate_key /存储路径/your_domain_name.cst;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_session_cache builtin:1000 shared:SSL:10m;
重启nginx搞定
尝试评论