


























为IIS和Nginx配置证书
IIS:
1. 服务器证书
2. 导入证书:pfx,需要密码
3. 目标站点,编辑绑定
4. 多证书绑定SNI
Nginx
1. 准备crt,key文件,放置到server的某个文件夹中
2. NGINX 配置文件
server {
listen 443;
ssl on;
}
证书转换:
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
crt, key -> pfx
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt
pfx -> crt, key
Convert the .pfx file using OpenSSL
After you have exported the certificate from the Windows server you will need to extract all the individual certificates and private key from the .pfx file using OpenSSL (instead of using OpenSSL, you can use the SSL Converter to convert the .pfx file to a .pem file and then follow step 3).
Copy the .pfx file to the server or another computer that has OpenSSL installed.
Run this OpenSSL command to create a text file with the contents of the .pfx file:
openssl pkcs12 -in mydomain.pfx -out mydomain.txt -nodes
Open the mydomain.txt file that the command created in a text editor. Copy each certificate/private key to its own text file including the "
-----BEGIN RSA PRIVATE KEY-----"
and "
-----BEGIN CERTIFICATE-----
" headers. Save them with names such as mydomain.key, mydomain.crt, intermediateCA.crt, etc.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。