惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Microsoft Azure Blog
Microsoft Azure Blog
MongoDB | Blog
MongoDB | Blog
小众软件
小众软件
Apple Machine Learning Research
Apple Machine Learning Research
O
OpenAI News
酷 壳 – CoolShell
酷 壳 – CoolShell
The GitHub Blog
The GitHub Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 聂微东
Engineering at Meta
Engineering at Meta
W
WeLiveSecurity
Hacker News: Ask HN
Hacker News: Ask HN
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
F
Full Disclosure
AI
AI
罗磊的独立博客
博客园 - 【当耐特】
U
Unit 42
S
SegmentFault 最新的问题
Stack Overflow Blog
Stack Overflow Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Palo Alto Networks Blog
博客园_首页
H
Help Net Security
量子位
月光博客
月光博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
F
Fortinet All Blogs
D
DataBreaches.Net
B
Blog RSS Feed
Webroot Blog
Webroot Blog
TaoSecurity Blog
TaoSecurity Blog
S
Secure Thoughts
爱范儿
爱范儿
I
InfoQ
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
C
CERT Recently Published Vulnerability Notes
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
Securelist

博客园 - ted

Docker commands 低代码 产品的核心价值 如何判断需求的优先级 以组件为基础,基于功能扩展的前端架构 演进中的架构 康威定理 技术解耦和团队解耦 SSL的那些事_二 Xamarin 技术解析 Javascript Promises 介绍 Javascript的模块化编程 UI 设计概念介绍 Head First iOS Programming 一个Web页面的问题分析 QCon杭州2012技术开发大会感受 Ajax请求与浏览器缓存 Java中的一些基础概念 你了解Java中String的substring函数吗?
SSL的那些事——三
ted · 2021-05-18 · via 博客园 - ted

为IIS和Nginx配置证书

IIS:

1. 服务器证书

2. 导入证书:pfx,需要密码

3. 目标站点,编辑绑定

4. 多证书绑定SNI

Nginx

1. 准备crt,key文件,放置到server的某个文件夹中

2. NGINX 配置文件

server {

    listen 443;

    ssl on;

}

证书转换:

openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

  • need to type in the importpassword of the .pfx file.
  • need to type a new password will protect your .key file

openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]

openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]

crt, key -> pfx

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt

openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt -in intermediate.crt -in rootca.crt

pfx -> crt, key

Convert the .pfx file using OpenSSL

After you have exported the certificate from the Windows server you will need to extract all the individual certificates and private key from the .pfx file using OpenSSL (instead of using OpenSSL, you can use the SSL Converter to convert the .pfx file to a .pem file and then follow step 3).

Copy the .pfx file to the server or another computer that has OpenSSL installed.

Run this OpenSSL command to create a text file with the contents of the .pfx file:

openssl pkcs12 -in mydomain.pfx -out mydomain.txt -nodes

Open the mydomain.txt file that the command created in a text editor. Copy each certificate/private key to its own text file including the "

-----BEGIN RSA PRIVATE KEY-----"

and "

-----BEGIN CERTIFICATE-----

" headers. Save them with names such as mydomain.key, mydomain.crt, intermediateCA.crt, etc.