godaddy SSL证书申请
生成CSRs (Certificate Signing Requests)
从服务器上生成证书签名请求(CSRs):
1
|
openssl req -new -newkey rsa:2048 -nodes -keyout coolexample.key -out coolexample.csr
|
用自己的域名替换coolexample,执行生成key和csr两个文件
创建参考
1
2
3
4
5
6
7
8
|
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server_csr.txt -days 365 -x509 -subj "/C=*Country*/ST=*State or Province*/L=*Locality or City*/O=*Company*/OU=*Organizational unit*/CN=*Common Name*"
Country: use a valid 2-letter country-code.
State or Province: use your state or Province name, or use the Locality name if you have none.
Locality or City: use your city, town or other locality name.
Company: use your company/organization name or put NA (Not Applicable).
Organizational Unit: use your unit or department name or put NA (Not Applicable).
Common Name: put your domain name here (i.e. www.nctest.info or nctest.info), put *.domain_name (i.e. *.nctest.info) if you are using a wildcard type SSL.
|
颁发证书
Godaddy证书中管理证书输入证书签名请求(CSRs),即coolexample.csr文件内容,然后提交等待颁发证书
下载证书
选择下载对应服务器类型的证书,以nginx为例:(两个crt,一个pem文件)
1
|
cat 53f58e3ac2172cd5.crt gd_bundle-g2-g1.crt > coolexample.crt
|
注:记住一定是53….crt在前,gd_…crt在后
验证证书
验证 秘钥与证书是否匹配:(输出一样表示是匹配的)
1
2
3
4
|
openssl x509 -noout -modulus -in coolexample.crt | openssl md5
(stdin)= 3538b45d2bec6eb1f12dd64cd364ff05
openssl rsa -noout -modulus -in coolexample.key | openssl md5
(stdin)= 3538b45d2bec6eb1f12dd64cd364ff05
|
在godaddy有ssl tools工具可以查看验证证书信息。
nginx配置:
1
2
|
ssl_certificate /etc/nginx/ssl/coolexample.crt;
ssl_certificate_key /etc/nginx/ssl/coolexample.key;
|
参考