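    How to configure two-way (mutual) SSL verification in nginx

    Category: nginx issue roundup  Date: 2018-11-23 16:33

    This article describes how to configure two-way SSL verification in nginx, for readers who need it as a reference.

    1. Install nginx (omitted)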

    //www.iis7.com/article/49479.htm

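    2. Set up a certificate authority with openssl
    Because openssl is used to build a private certificate authority, make sure the following fields are identical in the CA certificate, the server certificate, and the client certificate: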
    Country Name
    State or Province Name
    Locality Name
    Organization Name
    Organizational Unit Name
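
The check below is an added example, not part of the original article: it compares the five fields listed above between a CA subject and a certificate subject, so a mismatch is caught before the request is signed. The helper names (`dn_field`, `dn_mismatches`, `sample_subject`) and the sample OU and CN values are assumptions made for this example.

```shell
# Print subjects in the layout parsed here with:
#   openssl x509 -noout -subject -nameopt multiline -in cert.pem
FIELDS="countryName stateOrProvinceName localityName"
FIELDS="$FIELDS organizationName organizationalUnitName"

# dn_field SUBJECT FIELD: print FIELD's value from a multiline subject.
dn_field() {
    printf '%s\n' "$1" | awk -v f="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, f) == 1 {
            rest = substr(line, length(f) + 1)
            if (rest ~ /^[ \t]*=/) {
                sub(/^[ \t]*=[ \t]?/, "", rest)
                print rest
                exit
            }
        }'
}

# dn_mismatches CA_SUBJECT CERT_SUBJECT: list every checked field whose value
# differs or is missing on one side; returns 1 if any field differs.
dn_mismatches() {
    rc=0
    for f in $FIELDS; do
        a=$(dn_field "$1" "$f")
        b=$(dn_field "$2" "$f")
        if [ "$a" != "$b" ]; then
            printf '%s: CA="%s" cert="%s"\n' "$f" "$a" "$b"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample data: C/ST/L/O follow the article's defaults, while the
# OU and CN values are invented for this example.
sample_subject() {    # args: LOCALITY OU CN
    printf 'subject=\n'
    printf '    %-25s = %s\n' countryName CN stateOrProvinceName FJ \
        localityName "$1" organizationName zdz \
        organizationalUnitName "$2" commonName "$3"
}
CA_SUBJ=$(sample_subject FZ ops "Example CA")
SERVER_SUBJ=$(sample_subject FZ ops "www.example.test")
CLIENT_SUBJ=$(sample_subject XM dev "client01")

dn_mismatches "$CA_SUBJ" "$SERVER_SUBJ" && echo "server: fields match"
dn_mismatches "$CA_SUBJ" "$CLIENT_SUBJ" || echo "client: fix the request"
```

For a certificate request, the same subject layout comes from `openssl req -noout -subject -nameopt multiline -in request.csr`.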

    Edit the certificate authority configuration file
    vim /etc/pki/tls/openssl.cnf

    [ CA_default ]
    dir             = /etc/pki/CA
    certs           = $dir/certs            # Where the issued certs are kept
    crl_dir         = $dir/crl              # Where the issued crl are kept
    database        = $dir/index.txt        # database index file.
    #unique_subject = no                    # Set to 'no' to allow creation of
                                            # several certificates with same subject.
    new_certs_dir   = $dir/newcerts         # default place for new certs.
    certificate     = $dir/cacert.pem       # The CA certificate
    serial          = $dir/serial           # The current serial number
    crlnumber       = $dir/crlnumber        # the current crl number
                                            # must be commented out to leave a V1 CRL
    crl             = $dir/crl.pem          # The current CRL
    private_key     = $dir/private/cakey.pem # The private key
    RANDFILE        = $dir/private/.rand    # private random number file

    [ req_distinguished_name ]
    countryName                     = Country Name (2 letter code)
    countryName_default             = CN
    countryName_min                 = 2
    countryName_max                 = 2
    stateOrProvinceName             = State or Province Name (full name)
    stateOrProvinceName_default     = FJ
    localityName                    = Locality Name (eg, city)
    localityName_default            = FZ
    0.organizationName              = Organization Name (eg, company)
    0.organizationName_default      = zdz