如何给域名生成ssl证书_泛域名ssl证书

如何给域名生成ssl证书_泛域名ssl证书1.生成crs文件opensslreq-new-newkeyrsa:2048-nodes-keyouttest.key-outtest.csrCommonName设置为域名2.配置ssl,在godday上填充csr后

1. 生成crs文件

openssl req -new  -newkey rsa:2048 -nodes -keyout test.key -out test.csr

如何给域名生成ssl证书_泛域名ssl证书

Common Name设置为域名

2. 配置ssl,在godday上填充csr后,下载对应的证书:

cat id.crt gd_bundle-g2-g1.crt > test.crt

3.配置nginx ssl

server
    {
        listen 443 ssl;
        #listen [::]:80;
        server_name www.test.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/dist;

        include rewrite/other.conf;
        #error_page   404   /404.html;

        ssl_certificate /usr/local/nginx/conf/cert/test.com/test.crt;
        ssl_certificate_key /usr/local/nginx/conf/cert/test.com/test.key;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
        ssl_prefer_server_ciphers on;

        # Deny access to PHP files in specific directory
        #location ~ /(wp-content|uploads|wp-includes|images)/.*\.php$ { deny all; }

        include enable-php.conf;

        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }
        error_log /home/wwwlogs/www.test.com.error.log;
        access_log  /home/wwwlogs/www.test.com.access.log;
    }

 server {
    listen 80;
    server_name www.test.com;
    root  /home/wwwlogs/dist;
    rewrite ^(.*)$  https://$host$1 permanent;
 }

4.生成tomcat文件

keytool -keysize 2048 -genkey -alias tomcat -keyalg RSA -keystore tomcat.keystore

如何给域名生成ssl证书_泛域名ssl证书

keytool -importkeystore -srckeystore tomcat.keystore -destkeystore tomcat.keystore -deststoretype pkcs12


keytool -certreq -keyalg RSA -alias tomcat -file csr.csr -keystore tomcat.keystore

keytool -import -alias root -keystore tomcat.keystore -trustcacerts -file gd_bundle-g2-g1.crt
 
keytool -import -alias intermed -keystore tomcat.keystore -trustcacerts -file gdig2.crt
 
keytool -import -alias tomcat -keystore tomcat.keystore -trustcacerts -file xxxxx.crt

gdig2路径下载:https://certs.godaddy.com/repository/

5.设置http跳转,在web.xml末尾添加:

<security-constraint>
    <!– Authorization setting for SSL –>
    <web-resource-collection >
        <web-resource-name >SSL</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
 

今天的文章如何给域名生成ssl证书_泛域名ssl证书分享到此就结束了,感谢您的阅读。

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。
如需转载请保留出处:https://bianchenghao.cn/82583.html

(0)
编程小号编程小号

相关推荐

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注