国产探花免费观看_亚洲丰满少妇自慰呻吟_97日韩有码在线_资源在线日韩欧美_一区二区精品毛片,辰东完美世界有声小说,欢乐颂第一季,yy玄幻小说排行榜完本

首頁 > 網站 > Nginx > 正文

nginx代理服務器配置雙向證書驗證的方法

2024-08-30 12:30:13
字體:
來源:轉載
供稿:網友

生成證書鏈

腳本生成一個根證書, 一個中間證書(intermediate), 三個客戶端證書.

中間證書的域名為 localhost.

#!/bin/bash -xset -efor C in `echo root-ca intermediate`; do mkdir $C cd $C mkdir certs crl newcerts private cd .. echo 1000 > $C/serial touch $C/index.txt $C/index.txt.attr echo '[ ca ]default_ca = CA_default[ CA_default ]dir      = '$C'  # Where everything is keptcerts     = $dir/certs        # Where the issued certs are keptcrl_dir    = $dir/crl        # Where the issued crl are keptdatabase    = $dir/index.txt      # database index file.new_certs_dir = $dir/newcerts      # default place for new certs.certificate  = $dir/cacert.pem        # The CA certificateserial     = $dir/serial        # The current serial numbercrl      = $dir/crl.pem        # The current CRLprivate_key  = $dir/private/ca.key.pem    # The private keyRANDFILE    = $dir/.rnd   # private random number filenameopt    = default_cacertopt    = default_capolicy     = policy_matchdefault_days  = 365default_md   = sha256[ policy_match ]countryName      = optionalstateOrProvinceName  = optionalorganizationName    = optionalorganizationalUnitName = optionalcommonName       = suppliedemailAddress      = optional[req]req_extensions = v3_reqdistinguished_name = req_distinguished_name[req_distinguished_name][v3_req]basicConstraints = CA:TRUE' > $C/openssl.confdoneopenssl genrsa -out root-ca/private/ca.key 2048openssl req -config root-ca/openssl.conf -new -x509 -days 3650 -key root-ca/private/ca.key -sha256 -extensions v3_req -out root-ca/certs/ca.crt -subj '/CN=Root-ca'openssl genrsa -out intermediate/private/intermediate.key 2048openssl req -config intermediate/openssl.conf -sha256 -new -key intermediate/private/intermediate.key -out intermediate/certs/intermediate.csr -subj '/CN=localhost.'openssl ca -batch -config root-ca/openssl.conf -keyfile root-ca/private/ca.key -cert root-ca/certs/ca.crt -extensions v3_req -notext -md sha256 -in intermediate/certs/intermediate.csr -out intermediate/certs/intermediate.crtmkdir outfor I in `seq 1 3` ; do openssl req -new -keyout out/$I.key -out out/$I.request -days 365 -nodes -subj "/CN=$I.example.com" -newkey rsa:2048 openssl ca -batch -config root-ca/openssl.conf -keyfile intermediate/private/intermediate.key -cert intermediate/certs/intermediate.crt -out out/$I.crt -infiles out/$I.requestdone

服務器

nginx 配置

worker_processes 1;events {  worker_connections 1024;}stream{  upstream backend{    server 127.0.0.1:8080;  }  server {    listen 8888 ssl;    proxy_pass backend;    ssl_certificate   intermediate.crt;    ssl_certificate_key intermediate.key;    ssl_verify_depth 2;    ssl_client_certificate root.crt;    ssl_verify_client optional_no_ca;  }}

客戶端

curl / -I / -vv / -x https://localhost:8888/ / --proxy-cert client1.crt / --proxy-key client1.key / --proxy-cacert ca.crt / https://www.baidu.com/

總結

以上就是這篇文章的全部內容了,希望本文的內容對大家的學習或者工作具有一定的參考學習價值,謝謝大家對VEVB武林網的支持。


注:相關教程知識閱讀請移步到服務器教程頻道。
發表評論 共有條評論
用戶名: 密碼:
驗證碼: 匿名發表
主站蜘蛛池模板: 包头市| 哈巴河县| 郧西县| 依兰县| 陵水| 武胜县| 长丰县| 宁阳县| 孟州市| 兴宁市| 湘阴县| 孝昌县| 邻水| 长葛市| 手机| 浮山县| 常州市| 尤溪县| 麟游县| 利津县| 望都县| 六安市| 五莲县| 天全县| 平遥县| 泗洪县| 中宁县| 上杭县| 灵丘县| 南投市| 清流县| 陆河县| 荥经县| 永城市| 湘西| 渑池县| 民权县| 河北区| 鞍山市| 读书| 兴仁县|