服务端
下载安装
https://github.com/FiloSottile/mkcert/releases
#安装工具包sudo yum install nss-tools#改名[root@localhost local]# mv mkcert-v1.4.3-linux-amd64 mkcert#赋权限[root@localhost local]# chmod 755 mkcert#移动[root@localhost local]# mv mkcert /usr/local/bin
创建 local CA
[root@localhost local]# mkcert -installCreated a new local CAThe local CA is now installed in the system trust store! ⚡️The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)!
创建证书
[root@localhost mkcert]# mkcert 10.8.0.101Created a new certificate valid for the following names- "10.8.0.101"The certificate is at "./10.8.0.101.pem" and the key at "./10.8.0.101-key.pem" ✅It will expire on 26 November 2023
配置证书
server {listen 443 ssl;server_name localhost;#server_name icp.insujob.com;ssl_certificate ../ca/aliyun/2021/10.8.0.101.pem;ssl_certificate_key ../ca/aliyun/2021/10.8.0.101-key.pem;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_prefer_server_ciphers on;location / {proxy_pass http://linuxidc-icp;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header HTTP_X_FORWARDED_FOR $remote_addr;proxy_set_header Host $http_host;expires 20s;}}
- 查看证书位置 ```shell [root@localhost local]# mkcert -CAROOT /root/.local/share/mkcert
[root@localhost mkcert]# ll 总用量 8 -r———— 1 root root 2484 8月 26 14:44 rootCA-key.pem -rw-r—r— 1 root root 1688 8月 26 14:44 rootCA.pem
复制rootCA.pem 改名为 rootCA.crt<a name="iCypr"></a>### 客户端- rootCA.crt下载到客户端- 下载 mkcert-v1.4.3-windows-amd64.exe- installAll.bat```shell@echo offset p=%~dp0SETX CAROOT %p% && mkcert-v1.4.3-windows-amd64.exe -installpause
- 安装CA
双击rootCA.crt
- 安装证书
若有收获,就点个赞吧
0 人点赞
