自签名https

Mar 18, 2023118

AI-generated summary

In order to access the blog's image resources through a home IP, NAT forwarding is used. However, the website is hosted on TX Cloud and accessed through HTTPS. The IP provided by DDNS cannot serve HTTP, as it will be blocked by browsers. Therefore, a certificate needs to be created and self-signed, as configuring it on the DDNS side is difficult. The process involves generating a private key, removing the password from the key, generating a CSR (Certificate Signing Request) file, and finally generating a self-signed SSL certificate. The Nginx server is then configured to use the SSL certificate for secure communication.

为了能让博客的图片资源直接走家里的 ip, nat 转发了下，但是，网页托管在 tx 云，访问的时候是 https, ddns 出来的 ip 不能以 http 提供服务，不然会被浏览器拦住

所以要搞个证书，自己签一个得了，ddns 那边不好配置。

生成私钥#

openssl genrsa -des3 -out server.pass.key 2048

去除私钥中的密码#

openssl rsa -in server.pass.key -out server.key

生成 CSR（证书签名请求文件）#

openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=Guangdong/L=Guangzhou/O=xdevops/OU=xdevops/CN=thisisyourdomain.com"

CN 域名
C 国家

生成自签名的 SSL 证书#

openssl x509 -req -days 1825 -in server.csr -signkey server.key -out

days 过期天数

配置 nginx#

··· nginx
server {

            listen 1443 ssl;
            server_name 405563g5f5.wicp.vip:1443;
            ssl_certificate /xxxxxx/server.crt;
            ssl_certificate_key /xxxxxxxxxx/server.key;
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
            server_tokens off;
            keepalive_timeout 70;
            ssl_ciphers  HIGH:!aNULL:!MD5;
            ssl_prefer_server_ciphers  on;



    }

···