建立新的自我簽署的憑證檔

產生新的憑證檔

  • new-cert.key
  • new-cert.crt
cd /dir/to/your/cert
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout new-cert.key \
-out new-cert.crt

chown 1000.1000 new-cert.*

修改 Nginx 設定

cd /path/to/nginx
vi site-confs/default

ssl_certificate /config/keys/new-cert.crt;
ssl_certificate_key /config/keys/new-cert.key;

檢查憑證檔的內容

openssl x509 -in cert.crt -noout -text

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:85:b0:74:34:91:da:d3:cf:c4:16:9d:50:19:75:5a:c4:b5:9d:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = CA, L = Carlsbad, O = Linuxserver.io, OU = LSIO Server, CN = *
Validity
Not Before: May 24 11:23:44 2020 GMT
Not After : May 22 11:23:44 2030 GMT
Subject: C = US, ST = CA, L = Carlsbad, O = Linuxserver.io, OU = LSIO Server, CN = *
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:3b:5c:10:cc:e3:0e:69:d6:2a:b8:46:25:1e:
6b:30:2d:a9:9a:39:a2:5d:5a:f6:42:70:15:ad:f7:
68:3c:82:f3:4a:3d:40:70:cf:54:e1:36:c1:f0:e0:
...