-
Windows 安裝 nginx
a. 下載
-
GCA 憑證處理紀錄
a. GRCA1 自簽憑證 GRCA 自發憑證(GRCA1 簽 GRCA1.5) GRCA 自發憑證(GRCA1.5 簽 GRCA2) GCA2 自簽憑證
b. 轉成 crt
openssl x509 -inform DER -in orig.cer -out dest.crt
c. 將已經成為 pfx 檔的 GCA 憑證的 Private Key 與 Certification 分別匯出
Private Key:
openssl pkcs12 -in orig.pfx -nocerts -out dest.key.pem -nodes
Certification:
openssl pkcs12 -in orig.pfx -nokeys -out dest.cert.pem
d. 加入 GRCA/GCA 自簽憑證
cat grca1.crt .... >> dest.cert.pem
-
SNI
a.
worker_processes auto
b.
http
下server_names_hash_bucket_size 64;
c.
http
下 多個server
描述 SNI,接到 443 轉給原來的 80server { listen 443 ssl; server_name abc.local; ssl_certificate 'C:/Program Files/nginx-1.12.2/conf/abc.local.cert.pem'; ssl_certificate_key 'C:/Program Files/nginx-1.12.2/conf/abc.local.key.pem'; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost/abc/; } } server { listen 443 ssl; server_name def.local; ssl_certificate 'C:/Program Files/nginx-1.12.2/conf/def.local.cert.pem'; ssl_certificate_key 'C:/Program Files/nginx-1.12.2/conf/def.local.key.pem'; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://localhost/def; } } ...
Last active
February 23, 2019 09:48
-
-
Save sujunmin/2a72345a6c02ea7c7fb448b95de8d7a4 to your computer and use it in GitHub Desktop.
Windows 安裝 nginx, GCA 憑證處理紀錄, SNI
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment