devbox
从前慢现在也慢
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

Nginx七(https服务器端搭建)

作者:从前慢现在也慢 | 2024-02-18 01:55:18

Nginx七(https服务器端搭建)

创作人QQ:851301776,邮箱:lfr890207@163.com,欢迎大家一起技术交流,本博客主要是自己学习的心得体会,只为每天进步一点点!

个人座右铭:
1.没有横空出世,只要厚积一定发。
2.你可以学历不高,你可以不上学,但你不能不学习

所有的博客,最开始都是基础版,会不断的增加完善细节和内容,主要是为了自己在遇到类似项目可以快速解决
 

一、概述

        https采用RSA非对称加密,简单理解就是:通过公钥进行加密,通过私钥进行解密。https采用非对称加密。

二、https证书生成

1.首先设置配套的域名

备注:密码(123456)

(1)目录和文件创建

首先创建域名文件夹,然后去拷贝对应的openssl.cnf文件,

在域名目录下创建demoCA目录

 进入demoCA目录,并创建对应的文件,并写入。

(2)给服务器生成证书

 输入指令,并按照提示输入密码

(3)对服务器证书进行签名

 只有密码是和之前相同的,输入域名的两个输入域名,其他的自己随意输入,但是输入的需要记住,需要和生成CA证书的输入的一致。

(4)给CA生成证书

 这部只需要按照指令输入证书,主要是生成CA证书

(5)CA给服务器颁发证书

  1. mrlee@mrlee-virtual-machine:~/https/www.lifurong.com$ openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf 
  2. Using configuration from openssl.cnf
  3. Enter pass phrase for ca.key:
  4. Check that the request matches the signature
  5. Signature ok
  6. Certificate Details:
  7.         Serial Number: 1 (0x1)
  8.         Validity
  9.             Not Before: May 16 15:31:58 2022 GMT
  10.             Not After : May 16 15:31:58 2023 GMT
  11.         Subject:
  12.             countryName               = CN
  13.             stateOrProvinceName       = mrlee
  14.             organizationName          = mrlee.Ltd
  15.             organizationalUnitName    = www.lifurong.com
  16.             commonName                = www.lifurong.com
  17.             emailAddress              = lifurong@163.com
  18.         X509v3 extensions:
  19.             X509v3 Basic Constraints: 
  20.                 CA:FALSE
  21.             Netscape Comment: 
  22.                 OpenSSL Generated Certificate
  23.             X509v3 Subject Key Identifier: 
  24.                 57:E2:79:84:AF:5D:84:4F:38:F1:11:7A:49:BF:EE:CC:B2:B6:18:F3
  25.             X509v3 Authority Key Identifier: 
  26.                 keyid:50:42:0C:FC:47:8D:51:33:0F:C8:83:7B:B2:E2:30:76:73:05:01:BB
  27.  
  28. Certificate is to be certified until May 16 15:31:58 2023 GMT (365 days)
  29. Sign the certificate? [y/n]:y
  30.  
  31.  
  32. 1 out of 1 certificate requests certified, commit? [y/n]y
  33. Write out database with 1 new entries
  34. Data Base Updated

备注:第三步和第四步输入的不符,这块特别容易出错,错误提示如下:

(6) 生成服务器使用的证书

 红色框里面的指令

(7)查看生成的server.pem

  1. mrlee@mrlee-virtual-machine:~/https/www.lifurong.com$ cat server.pem 
  2. Certificate:
  3.     Data:
  4.         Version: 3 (0x2)
  5.         Serial Number: 1 (0x1)
  6.         Signature Algorithm: sha256WithRSAEncryption
  7.         Issuer: C=CN, ST=mrlee, L=CS, O=mrlee.Ltd, OU=www.lifurong.com, CN=www.lifurong.com/emailAddress=lifurong@163.com
  8.         Validity
  9.             Not Before: May 16 15:31:58 2022 GMT
  10.             Not After : May 16 15:31:58 2023 GMT
  11.         Subject: C=CN, ST=mrlee, O=mrlee.Ltd, OU=www.lifurong.com, CN=www.lifurong.com/emailAddress=lifurong@163.com
  12.         Subject Public Key Info:
  13.             Public Key Algorithm: rsaEncryption
  14.                 RSA Public-Key: (1024 bit)
  15.                 Modulus:
  16.                     00:cc:95:3e:bc:99:f9:f0:ed:b5:8b:e7:87:54:cc:
  17.                     83:a9:21:cf:ec:63:79:21:0e:b0:8e:4a:1c:d4:25:
  18.                     3d:e5:f0:c1:c8:0a:90:23:7a:b3:33:7f:95:1e:34:
  19.                     bf:86:74:49:4f:12:f9:97:e0:99:1a:48:42:d8:0d:
  20.                     0b:d3:d5:88:c9:75:04:23:6b:91:73:5d:ee:e5:2b:
  21.                     25:01:75:58:bf:1d:de:9d:a9:ec:c0:32:98:15:8b:
  22.                     76:7c:eb:7a:d3:1a:e7:40:03:d1:4a:3a:4c:d0:0a:
  23.                     81:02:47:51:a5:e9:34:98:40:56:4e:90:04:33:a0:
  24.                     fc:97:0c:51:fe:af:2e:43:db
  25.                 Exponent: 65537 (0x10001)
  26.         X509v3 extensions:
  27.             X509v3 Basic Constraints: 
  28.                 CA:FALSE
  29.             Netscape Comment: 
  30.                 OpenSSL Generated Certificate
  31.             X509v3 Subject Key Identifier: 
  32.                 57:E2:79:84:AF:5D:84:4F:38:F1:11:7A:49:BF:EE:CC:B2:B6:18:F3
  33.             X509v3 Authority Key Identifier: 
  34.                 keyid:50:42:0C:FC:47:8D:51:33:0F:C8:83:7B:B2:E2:30:76:73:05:01:BB
  35.  
  36.     Signature Algorithm: sha256WithRSAEncryption
  37.          82:e9:34:45:77:e0:c1:9a:be:d7:ef:20:dc:de:7d:9f:44:8e:
  38.          f0:fb:5f:db:79:39:5c:f0:19:e0:f4:24:b0:f2:51:e4:df:40:
  39.          38:98:38:b1:c6:31:be:df:55:45:bc:45:13:7a:44:6b:06:bd:
  40.          7a:b3:54:19:7c:f7:1b:03:e6:af:9f:9b:aa:17:c9:4a:86:9d:
  41.          c2:f8:a1:4a:2d:47:3f:64:5c:7c:07:09:cc:0b:6c:bf:0c:dd:
  42.          ba:93:6d:c6:ca:75:22:0a:92:ad:ff:bb:22:a3:43:bf:c9:8c:
  43.          ca:ec:b8:a6:11:43:ea:62:51:82:c1:7c:3d:72:8f:1b:f7:c5:
  44.          54:89:22:57:53:fa:16:6c:27:53:0e:2d:50:cb:22:e1:79:6e:
  45.          a9:aa:94:b3:a5:29:ba:77:f8:2f:4b:9b:11:56:84:5d:99:30:
  46.          0c:e1:24:65:79:48:87:49:72:69:72:a2:ba:4a:48:9d:e0:82:
  47.          58:2c:4b:06:37:a2:0a:2e:1b:ce:df:ce:63:45:49:cc:cd:48:
  48.          ed:5f:0b:f6:cd:62:f2:11:02:de:57:cc:e3:a8:62:20:c3:4f:
  49.          c0:28:c3:fb:a1:00:cb:f5:7e:48:52:f7:95:78:71:a1:da:1a:
  50.          cc:76:1d:ad:03:5c:6a:a0:6a:3c:0a:26:dd:d4:6d:4d:90:1f:
  51.          21:01:ea:5a
  52. -----BEGIN CERTIFICATE-----
  53. MIIDkTCCAnmgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlTELMAkGA1UEBhMCQ04x
  54. DjAMBgNVBAgMBW1ybGVlMQswCQYDVQQHDAJDUzESMBAGA1UECgwJbXJsZWUuTHRk
  55. MRkwFwYDVQQLDBB3d3cubGlmdXJvbmcuY29tMRkwFwYDVQQDDBB3d3cubGlmdXJv
  56. bmcuY29tMR8wHQYJKoZIhvcNAQkBFhBsaWZ1cm9uZ0AxNjMuY29tMB4XDTIyMDUx
  57. NjE1MzE1OFoXDTIzMDUxNjE1MzE1OFowgYgxCzAJBgNVBAYTAkNOMQ4wDAYDVQQI
  58. DAVtcmxlZTESMBAGA1UECgwJbXJsZWUuTHRkMRkwFwYDVQQLDBB3d3cubGlmdXJv
  59. bmcuY29tMRkwFwYDVQQDDBB3d3cubGlmdXJvbmcuY29tMR8wHQYJKoZIhvcNAQkB
  60. FhBsaWZ1cm9uZ0AxNjMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM
  61. lT68mfnw7bWL54dUzIOpIc/sY3khDrCOShzUJT3l8MHICpAjerMzf5UeNL+GdElP
  62. EvmX4JkaSELYDQvT1YjJdQQja5FzXe7lKyUBdVi/Hd6dqezAMpgVi3Z863rTGudA
  63. A9FKOkzQCoECR1Gl6TSYQFZOkAQzoPyXDFH+ry5D2wIDAQABo3sweTAJBgNVHRME
  64. AjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0
  65. ZTAdBgNVHQ4EFgQUV+J5hK9dhE848RF6Sb/uzLK2GPMwHwYDVR0jBBgwFoAUUEIM
  66. /EeNUTMPyIN7suIwdnMFAbswDQYJKoZIhvcNAQELBQADggEBAILpNEV34MGavtfv
  67. INzefZ9EjvD7X9t5OVzwGeD0JLDyUeTfQDiYOLHGMb7fVUW8RRN6RGsGvXqzVBl8
  68. 9xsD5q+fm6oXyUqGncL4oUotRz9kXHwHCcwLbL8M3bqTbcbKdSIKkq3/uyKjQ7/J
  69. jMrsuKYRQ+piUYLBfD1yjxv3xVSJIldT+hZsJ1MOLVDLIuF5bqmqlLOlKbp3+C9L
  70. mxFWhF2ZMAzhJGV5SIdJcmlyorpKSJ3gglgsSwY3ogouG87fzmNFSczNSO1fC/bN
  71. YvIRAt5XzOOoYiDDT8Aow/uhAMv1fkhS95V4caHaGsx2Ha0DXGqgajwKJt3UbU2Q
  72. HyEB6lo=
  73. -----END CERTIFICATE-----
  74. -----BEGIN RSA PRIVATE KEY-----
  75. Proc-Type: 4,ENCRYPTED
  76. DEK-Info: DES-EDE3-CBC,28D05C6D4215CCA1
  77.  
  78. lEJxVf0crlnGdV5qrUZXga0zUqw8GHgHkjHnKdptl9jPl1xxbV0Doj33d2J0VQCu
  79. nLbM8PX8qZYL8YvI1PzCd+X1VsAj52hb+fMUhEgnRb++bbYr2IT2+K1/oHcgBmg5
  80. NVqOd+VtTKJS45cpD1F4ubsqYBfGkGK9whQFGvJB3hZc6gWRcShtw0jsAx3VeOSl
  81. YjtxapdPrPT2StBQmS0xEgrz81A2ftTqvPmqD/1IthG4hemmRoDPcjnF/GoWzJax
  82. 7gGsi8VbYbCKYQHxxC5Wu95N3xAxz8bIfEsCuwJS0ZU1mK18MYeAzZMbS0AVis81
  83. G/tsaQVQUPk+qbxdUBAsMMpHdtSsWgPaRvftO29A6ga1ZhGTHdK7wpJx60biF8A9
  84. sVN904PHO0TOW3vKow5mN07BXgLZEUSlvnTeiWwE7WaLwFsWtpt467Seo45gGrOt
  85. 4vc3wLzcG/NAMGiAs4j+RHvrIus9WOiBjlEUFnt32MUnQ9htHoLhriw1eDGwkQFf
  86. XwOo3uBMI21QX6Qc6+fOtA6YY5a+RQBBZ/5DFSndSOMPXjXfdCJKHVzHOZc+Iy7O
  87. tj4h8ATpv+Bz3CPaAZqbig3EuMtJn9iOp1uqE7UdZhjDXQqq0DPFHa47aitKFp7b
  88. /V4KUfjWb0JldAJ0KFxPW3t9zKlBFihcd7/9sPbg6MI6ortrwFUMl3lN4v737oBz
  89. e8Ou01Sf0UCpZT3OQianCQj5ja6j3LRzUEkxoKXcjyXR/hF2Lu9kX7mramJPtMSG
  90. MK5F9AvFrHuKHZ2ahT+eZXncdF1OHal1ghZlBS1hgbqyI53mU3MOyA==
  91. -----END RSA PRIVATE KEY-----

三、windows配置

 主要是修改hosts文件,加入域名和IP相对应,这样设置的好处是,直接使用本地,不使用DNS。

 ping一把试试

 四、nginx配置

1.nginx配置

打开nginx.conf,在http模块中加入以下server,内容如下:

  1.  
  2.     # HTTPS server
  3.     server {
  4.     	listen 443; //端口
  5. 	    server_name www.lifurong.com; //域名
  6. 	
  7. 	    ssl on;    //开启ssl
  8. 	    ssl_certificate /home/mrlee/https/www.lifurong.com/server.pem; //
  9. 	    ssl_certificate_key /home/mrlee/https/www.lifurong.com/server.key;//解密使用的
  10. 	
  11.         //测试使用
  12. 	    location / {
  13.                 root   /mnt/hgfs/project/visual_gateway/software/camera_lists;
  14.                 index  camera_lists.txt;
  15.             }
  16.      }

注意:nginx配置,./configure --with-http_ssl_module,需要引入--with-http_ssl_module选项

2.启动nginx

     启动nginx需要引入配置文件,但是需要输入密码,密码为:

 五、测试

在IE浏览器输入(注意使用IE浏览器):

 主要原因是公钥CA证书没有认证,此步骤:

换句话说就是假的,就是CA证书一般不是自己提供,而是公司提供,通过认证的CA证书

点击继续浏览此网站

 虽然显示证书错误,但是已经可以拉取到内容

修改nginx配置如下:

  1.   # HTTPS server
  2.     server {
  3.     	listen 443;
  4. 	server_name www.lifurong.com;
  5. 	
  6. 	ssl on;
  7. 	ssl_certificate /home/mrlee/https/www.lifurong.com/server.pem;
  8. 	ssl_certificate_key /home/mrlee/https/www.lifurong.com/server.key;
  9. 	
  10. 	location / {
  11.             root   html;
  12.             index  index.html index.htm;
  13.        }
  14.     }

重启nginx

 查看浏览器输入:

六、https客户端搭建

1.修改文件

 引入域名对应的IP

 

2.客户端程序流程

 代码是按照此流程写的

3.掩码

编译:gcc -o xx xx.c -lssl -lcrypto

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/从前慢现在也慢/article/detail/103498?site
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号