16，nginx ssl 及hosts 文件设置

私钥：锁

公钥：钥匙

[root@www install]# openssl req -nodes -newkey rsa:1024 -out myreq.pem -keyout privatekey.pem

Generating a 1024 bit RSA private key

.......++++++

..........................++++++

writing new private key to 'privatekey.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Bejing

Locality Name (eg, city) [Default City]:Bejing

Organization Name (eg, company) [Default Company Ltd]:abcd

Organizational Unit Name (eg, section) []:bcde

Common Name (eg, your name or your server's hostname) []:www.bcdeww.com

Email Address []:852394104@qq.com

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@www install]# ll

总用量 8

-rw-r--r--. 1 root root 696 6月   3 13:02 myreq.pem

-rw-r--r--. 1 root root 912 6月   3 13:02 privatekey.pem

[root@www install]# openssl req -in myreq.pem -x509 -key privatekey.pem -out mycert.pem -days 365

[root@www install]# ll

总用量 12

-rw-r--r--. 1 root root 1054 6月   3 13:04 mycert.pem

-rw-r--r--. 1 root root  696 6月   3 13:02 myreq.pem

-rw-r--r--. 1 root root  912 6月   3 13:02 privatekey.pem

[root@www install]#

[root@www html]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

[root@www html]#

server {

        listen       80;

        server_name  www.yyyy.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

            root   html;

            index  index.html index.htm;

        }

server {

        listen       443 ssl;

        server_name  www.xxxxyyyy.com;

        ssl_certificate      /root/install/mycert.pem;

        ssl_certificate_key  /root/install/privatekey.pem;

        ssl_session_cache    shared:SSL:1m;

        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers  on;

        location / {

            root   html/ssl;

            index  index.html index.htm;

        }

    }

[root@www html]#

[root@www conf]# curl   www.yyyy.com

curl: (6) Could not resolve host: www.yyyy.com; 未知的错误

[root@www conf]# curl  -I www.yyyy.com

curl: (6) Could not resolve host: www.yyyy.com; 未知的错误

在windows的host文件设置：

# localhost name resolution is handled within DNS itself.

#     127.0.0.1       localhost

#     ::1             localhost

192.168.132.135 www.xxxxyyyy.com www.yyyy.com

此时输入http的域名都会解析到192.168.132.135去找第一个虚拟server

所以都输出为yyyy。

下面输入

注意上面三个截图都是Linux系统的hosts文件没有改动哦。