windows下本地搭建https服务器

使用工具

  • 使用git的命令行工具或者cmder
  • 注意使用cmd命令行是不行的, cmd命令行并不能识别openssl命令

openssl genrsa 命令介绍

openssl genrsa 命令是会用来生成 RSA 私有秘钥,不会生成公钥,因为公钥提取自私钥。生成时是可以指定私钥长度密码保护
如果需要查看公钥或生成公钥,可以使用 openssl rsa 命令。

创建私钥

生成秘钥是生成证书的前提

生成长度为 1024 的秘钥

1
2
3
4
5
$ openssl genrsa -out certificate.key 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
...+++++
...............................................+++++
e is 65537 (0x010001)

创建证书请求

需要输入一些列信息,最重要的是Common Name表示要使用https访问的域名

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
$ openssl req -new -out certificate.csr -key certificate.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:ShanDong
Locality Name (eg, city) []:QingDao
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:chisheng.xin
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:

签署服务器证书

1
2
3
4
$ openssl x509 -req -in certificate.csr -out certificate.pem -signkey certificate.key -days 3650
Signature ok
subject=C = CN, ST = ShanDong, L = QingDao, O = Internet Widgits Pty Ltd, CN = chisheng.xin
Getting Private key

配置Nginx

我这里使用的是PHPstudy配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
server {
listen 443 ssl;
ssl_certificate D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.pem;
ssl_certificate_key D:/phpstudy_pro/Extensions/Nginx1.15.11/conf/ssl/certificate.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name chisheng.xin;
root "D:/phpstudy_pro/WWW/chisheng.xin";
location / {
index index.php index.html error/index.html;
error_page 400 /error/400.html;
error_page 403 /error/403.html;
error_page 404 /error/404.html;
error_page 500 /error/500.html;
error_page 501 /error/501.html;
error_page 502 /error/502.html;
error_page 503 /error/503.html;
error_page 504 /error/504.html;
error_page 505 /error/505.html;
error_page 506 /error/506.html;
error_page 507 /error/507.html;
error_page 509 /error/509.html;
error_page 510 /error/510.html;
include D:/phpstudy_pro/WWW/chisheng.xin/nginx.htaccess;
autoindex off;
}
location ~ \.php(.*)$ {
fastcgi_pass 127.0.0.1:9004;
fastcgi_index index.php;
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
include fastcgi_params;
}
}

然后重启Nginx

坚持原创技术分享,您的支持将鼓励我继续创作!
0%