1.生成私钥文件,其中out输出路径可以自定义
openssl genrsa -out D:\localhost.key 2048
2 生成证书签名请求(CSR),根据第一步正确指定私钥路径,和签名请求
openssl req -new -key D:\localhost.key -out D:\localhost.csr -config D:\Program Files\Git\usr\ssl\oepnssl.cnf
3.使用私钥和CSR生成自签名证书
openssl req -new -key "D:\localhost.key" -out "D:\localhost.csr" -config "D:\Program Files\Git\usr\ssl\openssl.cnf"
4.在ng中进行配置
server {
listen 443 ssl;
server_name localhost;
ssl_certificate localhost.crt;
ssl_certificate_key localhost.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root html;
index index.html index.htm;
}
}
5.浏览器访问:可以实现https的验证