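Installation environment
nginx download: http://nginx.org/en/download.html
openssl download: http://slproweb.com/products/Win32OpenSSL.html
Official site: https://www.openssl.org/source/
1. Download the installer that matches your system
2. Configure the system path
My Computer -> Properties -> Advanced system settings -> Environment Variables -> User variables (to make it available to all users, configure it under System variables instead)
Variable name: OPENSSL_HOME Variable value: C:\OpenSSL-Win64\bin; (the value is where openssl is installed; the path shown is mine)
Append the following to the end of the path variable: %OPENSSL_HOME%;
3. Generate the certificate
3.1 Create an ssl folder under the nginx installation path to hold the certificate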
D:\>cd nginx-1.8.0
D:\nginx-1.8.0>ls
conf contrib docs html logs nginx.exe temp
D:\nginx-1.8.0>mkdir ssl
D:\nginx-1.8.0>ls
conf docs logs ssl
contrib html nginx.exe temp
D:\nginx-1.8.0>
3.2 Create the private key
Run this command on the command line: openssl genrsa -des3 -out dogiant.key 1024 (dogiant is the file name and can be changed), as shown below:
D:\nginx-1.8.0>cd ssl
D:\nginx-1.8.0\ssl>openssl genrsa -des3 -out dogiant.key 1024
Generating RSA private key, 1024 bit long modulus
...........................................++++++
............++++++
e is 65537 (0x010001)
Enter pass phrase for dogiant.key:
Verifying - Enter pass phrase for dogiant.key:
D:\nginx-1.8.0\ssl>
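Enter a passphrase, then enter it again to confirm. Remember this passphrase; it will be needed later.
Create the CSR (certificate signing request):
Run this command on the command line: openssl req -new -key dogiant.key -out dogiant.csr
(the key file is the one just generated; lifes is a file name of your own choosing)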
D:\nginx-1.8.0\ssl>openssl req -new -key dogiant.key -out dogiant.csr
Enter pass phrase for dogiant.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:dogiant
Organizational Unit Name (eg, section) []:dogiant
Common Name (e.g. server FQDN or YOUR name) []:www.dogiant.com
Email Address []:18636380@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
D:\nginx-1.8.0\ssl>ls
dogiant.csr dogiant.key
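The most important value entered is the Common Name; the domain name entered here is the domain we will access over https.
After the steps above, two files appear in the ssl folder: dogiant.csr dogiant.key
Follow the steps below to copy the key file, remove the passphrase, and generate the crt certificate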
D:\nginx-1.8.0\ssl>copy dogiant.key dogiant.key.copy
已复制 1 个文件。
D:\nginx-1.8.0\ssl>openssl rsa -in dogiant.key.copy -out dogiant.key
Enter pass phrase for dogiant.key.copy:
writing RSA key
D:\nginx-1.8.0\ssl>openssl x509 -req -days 365 -in dogiant.csr -signkey dogiant.key -out dogiant.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = dogiant, OU = dogiant, CN = www.dogiant.com, emailAddress = 18636380@qq.com
Getting Private key
D:\nginx-1.8.0\ssl>ls
dogiant.crt dogiant.csr dogiant.key dogiant.key.copy
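The walkthrough above is a little long-winded; put simply, it comes down to these four commands
1. genrsa -des3 -out *.key 1024
2. req -new -key *.key -out *.csr
3. rsa -in *.key -out *_nopass.key
4. req -new -x509 -days 3650 -key *_nopass.key -out *.crt
* is the file name you choose. The first file prompts you to set a passphrase, which is used later.
The second file requires some parameters, such as country, province/city, company, and domain name.
Four files are generated in total.
3.3 Modify the nginx.conf configuration file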
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
Change it to:
# HTTPS server
#
server {
    listen 443 ssl;
    server_name www.dogiant.com;
    ssl_certificate D:/nginx-1.8.0/ssl/dogiant.crt;
    ssl_certificate_key D:/nginx-1.8.0/ssl/dogiant.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
Problems encountered during installation
My system is Win7 x64 with nginx 1.8.0; one problem came up during installation
The message points to a mismatch in the ssl_session_cache shared address as the cause; after checking the official site, the exact cause is still unclear for now.
Modify the configuration file and comment out the ssl_session_cache lines; with that resolved, nginx starts successfully
Change it to:
# HTTPS server
#
server {
    listen 443 ssl;
    server_name www.dogiant.com;
    ssl_certificate D:/nginx-1.8.0/ssl/dogiant.crt;
    ssl_certificate_key D:/nginx-1.8.0/ssl/dogiant.key;
    #ssl_session_cache shared:SSL:1m;
    #ssl_session_timeout 5m;
    #ssl_ciphers HIGH:!aNULL:!MD5;
    #ssl_prefer_server_ciphers on;
    location / {
        root html;
        index index.html index.htm;
    }
}
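The workaround above comments out four directives, although the error concerned only ssl_session_cache. The following is an added example, not code from the original post: it compares the effective TLS settings of the two server blocks on this page, falling back to the defaults documented for nginx's ngx_http_ssl_module when a directive is commented out. The function names are illustrative, and the parser assumes simple one-line directives with no quoted "#" characters.

```python
import re

# Documented nginx defaults (ngx_http_ssl_module) for the four directives
# that the workaround comments out.
DEFAULTS = {
    "ssl_session_cache": "none",
    "ssl_session_timeout": "5m",
    "ssl_ciphers": "HIGH:!aNULL:!MD5",
    "ssl_prefer_server_ciphers": "off",
}

def active_directives(conf):
    """Return {name: value} for one-line directives that are not commented out."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop whole-line and trailing comments
        m = re.match(r"^([a-z_]+)\s+(.+?);$", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def effective_tls(conf):
    """Effective value per tracked directive: explicit setting, else nginx default."""
    active = active_directives(conf)
    return {name: active.get(name, default) for name, default in DEFAULTS.items()}

def tls_changes(before, after):
    """Tracked directives whose effective value differs between two configs."""
    a, b = effective_tls(before), effective_tls(after)
    return {name: (a[name], b[name]) for name in DEFAULTS if a[name] != b[name]}

# Server block from this page before the workaround (location block omitted).
ORIGINAL = """
server {
    listen 443 ssl;
    server_name www.dogiant.com;
    ssl_certificate D:/nginx-1.8.0/ssl/dogiant.crt;
    ssl_certificate_key D:/nginx-1.8.0/ssl/dogiant.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}
"""
# Same block with the four lines commented out, as in the workaround.
WORKAROUND = re.sub(r"(?m)^([ \t]*)(ssl_(?:session_|ciphers|prefer_))", r"\1#\2", ORIGINAL)

if __name__ == "__main__":
    for name, (old, new) in tls_changes(ORIGINAL, WORKAROUND).items():
        print(f"{name}: {old} -> {new}")
```

Only ssl_session_cache and ssl_prefer_server_ciphers change their effective value here; commenting out the ssl_session_cache line alone would leave the other three settings as written.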
Accessing the https domain
Edit the hosts file
127.0.0.1 www.dogiant.com
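Visit https://www.dogiant.com
Conclusion:
This article demonstrated generating an https certificate and configuring it in nginx, and recorded the problem encountered along with its solution.
I am writing this down as a record; perhaps it will be of some use.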