godaddy SSL证书申请

生成CSRs (Certificate Signing Requests)

从服务器上生成证书签名请求(CSRs):

1
openssl req -new -newkey rsa:2048 -nodes -keyout coolexample.key -out coolexample.csr

用自己的域名替换coolexample,执行生成key和csr两个文件

创建参考

1
2
3
4
5
6
7
8
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server_csr.txt -days 365 -x509 -subj "/C=*Country*/ST=*State or Province*/L=*Locality or City*/O=*Company*/OU=*Organizational unit*/CN=*Common Name*"

Country:             use a valid 2-letter country-code.
State or Province:   use your state or Province name, or use the Locality name if you have none.
Locality or City:    use your city, town or other locality name.
Company:             use your company/organization name or put NA (Not Applicable).
Organizational Unit: use your unit or department name or put NA (Not Applicable).
Common Name:         put your domain name here (i.e. www.nctest.info or nctest.info), put *.domain_name (i.e. *.nctest.info) if you are using a wildcard type SSL.

颁发证书

Godaddy证书中管理证书输入证书签名请求(CSRs),即coolexample.csr文件内容,然后提交等待颁发证书

下载证书

选择下载对应服务器类型的证书,以nginx为例:(两个crt,一个pem文件)

1
cat 53f58e3ac2172cd5.crt gd_bundle-g2-g1.crt > coolexample.crt

注:记住一定是53….crt在前,gd_…crt在后

验证证书

验证 秘钥与证书是否匹配:(输出一样表示是匹配的)

1
2
3
4
openssl x509 -noout -modulus -in coolexample.crt | openssl md5
(stdin)= 3538b45d2bec6eb1f12dd64cd364ff05 
openssl rsa -noout -modulus -in coolexample.key | openssl md5
(stdin)= 3538b45d2bec6eb1f12dd64cd364ff05

在godaddy有ssl tools工具可以查看验证证书信息。

nginx配置:

1
2
ssl_certificate /etc/nginx/ssl/coolexample.crt;
ssl_certificate_key /etc/nginx/ssl/coolexample.key;

参考