\u74b0\u5883: Ubuntu 14.04 x64<\/p>\n
\nroot@Wordpress:\/tmp# openssl genrsa -des3 -out site.key 2048\nGenerating RSA private key, 2048 bit long modulus\n..........................+++\n....................................+++\ne is 65537 (0x10001)\nEnter pass phrase for site.key:\nVerifying - Enter pass phrase for site.key:\n<\/pre>\n2.\u7522\u751f csr<\/p>\n
\nroot@Wordpress:\/tmp# openssl req -new -key site.key -out site.csr\nEnter pass phrase for site.key:\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:TW\nState or Province Name (full name) [Some-State]:Taiwan\nLocality Name (eg, city) []:Taipei City\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Cowman\nOrganizational Unit Name (eg, section) []:IT\nCommon Name (e.g. server FQDN or YOUR name) []:cowman.ip\nEmail Address []:cowman.chiang@gmail.com\n\nPlease enter the following 'extra' attributes\nto be sent with your certificate request\nA challenge password []:\nAn optional company name []:\n<\/pre>\n\n- cat csr\uff0c\u8cbc\u81f3\u7533\u8acb\u8655<\/li>\n<\/ol>\n
\nroot@Wordpress:\/tmp# cat site.csr \n-----BEGIN CERTIFICATE REQUEST-----\nMIIC1DCCAbwCAQAwgY4xCzAJBgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xFDAS\nBgNVBAcMC1RhaXBlaSBDaXR5MQ8wDQYDVQQKDAZDb3dtYW4xCzAJBgNVBAsMAklU\nMRIwEAYDVQQDDAljb3dtYW4uaXAxJjAkBgkqhkiG9w0BCQEWF2Nvd21hbi5jaGlh\nbmdAZ21haWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2oNl\nFGzEzzpVSvFkwrYegC1VxoznmsPp2UrImb+w2M4ZLLuqdAqjhLs1atnPaQZsQlOF\nwfbnbGvcdwULuIzU8o1o1v7KS7TmWfi7P3oYG5GBRq\/j3QuOQEwQ1s0QFAnulso9\nrAHCt4i1rFg8wNF6mEF1Ghd2DzzD8P7Ew+LCYq+C4G8yq44RD+WJ8DccA4OQfzou\nmcstrRkXWmoYyrICepCE4eqxSdlNH3dyZbSmG4yKC1gQc60\/Utm5o8lGynvS0pBh\nPUx124eMsWz80wZ0xAkE6Ma24XgOHied3XuaiRfBi5\/tql+wfEQBrIOZ0DJ1DAhN\nJ723zUMw9amQ8cF4zQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAGeLtDAWlgh6\nag+PP8YqXrxGSAkkyL8EKdrPEntgYEPIkKt9to+h0tKBCZ5kCvG4bL6V5zRhtx4f\nViqTzh9itOI3MDfvE5o8vxhed4jzevIifpKDONt0bAOC73STpv9+HCR+CMNX0Erf\ntmhD+zuLwHcBl5qoZqaPQobPF1VR1U2jsGBZ2HTTamtjGcr0mkso3MO5QxcV8JkP\nDwAc\/PGn06zzKUyPeGPY2PE2xAppcof8B\/WOYLvRx202YeoG6Cp1hLT94GoN+ef\/\naDwd7WgaFpC1sXTnjoOlzpsxoovHmaJMTskncYkUZIsg4ZvhJnF9trqu9XlUKBh7\nvDAfX3ZNzCs=\n-----END CERTIFICATE REQUEST-----\n<\/pre>\n\n- \n
\u9019\u88e1\u4e00\u6a23\u4ee5namecheap\u7684comodo ssl\u70ba\u4f8b\uff0c\u6703\u6536\u5230\u4e0b\u9762\u56db\u500b\u6a94\u6848
\n\u4f3a\u670d\u5668\u985e\u578b\u9078nginx
\nAddTrustExternalCARoot.crt
\nCOMODORSAAddTrustCA.crt
\nCOMODORSADomainValidationSecureServerCA.crt
\ncowman_ip.crt<\/p>\n<\/li>\n
- \n
\u7522\u751f ssl-bundle.crt<\/p>\n<\/li>\n<\/ol>\n
\ncat cowman_ip.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt\n<\/pre>\n\n- \u79fb\u9664\u9700\u8981\u8f38\u5165 phase \u7684\u6a5f\u5236<\/li>\n<\/ol>\n
\nroot@Wordpress:\/tmp# openssl rsa -in site.key -out site-nopass.key\nEnter pass phrase for site.key:\nwriting RSA key\n<\/pre>\n\n- \u4fee\u6539 nginx \u8a2d\u5b9a\u6a94\uff0c\u4f4d\u7f6e\u5728 \/etc\/nginx\/sites-enabled\/default\uff0c\u9019\u88e1\u628a\u8a2d\u5b9a\u6a94\u6574\u4f75\u5728server\u4e2d<\/li>\n<\/ol>\n
\nroot@Wordpress:\/tmp# vim \/etc\/nginx\/sites-enabled\/default\n\nserver {\n #listen 80 default_server;\n #listen [::]:80 default_server ipv6only=on;\n listen 80;\n listen 443 default ssl;\n\n ssl_certificate \/opt\/local\/nginx\/conf\/certs\/ssl-bundle.crt;\n ssl_certificate_key \/opt\/local\/nginx\/conf\/certs\/site_ip.key;\n\n ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\n ssl_ciphers \"HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES\";\n ssl_prefer_server_ciphers on;\n<\/pre>\n\n- \u91cd\u65b0\u555f\u52d5 nginx<\/li>\n<\/ol>\n
\nservice nginx restart\n<\/pre>\n","protected":false},"excerpt":{"rendered":"\u74b0\u5883: Ubuntu 14.04 x64 \u7522\u751fkey root@Wordpress:\/tmp# openssl genrsa -des3 -out site.key 2048 Generating RSA private key, 2048 bit long modulus ……………………..+++ ………………………………+++ e is 65537 (0x10001) Enter pass phrase for site.key: Verifying – Enter pass phrase for site.key: 2.\u7522\u751f csr … Continue reading