# 建立保存目录
mkdir /etc/cert
cd /etc/cert
# 生成1024位加密的服务器私钥
openssl genrsa -out 1024
# 制作CSR证书申请文件
openssl req -new -key -out

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:Chongqing
Locality Name (eg, city) [Newbury]:Chongqing
Organization Name (eg, company) [My Company Ltd]:Vinoach
Organizational Unit Name (eg, section) []:Vinoach
Common Name (eg, your name or your server's hostname) []

Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request

A challenge password []:
An optional company name []:
# 如果这里填写完整的话生成的csr文件是可以用来给证书机构生成商业证书的


openssl x509 -req -days 3650 -in -signkey vinoach.key -out vinoach.crt



# HTTPS server
server {
    listen 443;

    ssl on;
    ssl_certificate /etc/cert/example.crt;(相应的文件位置)
    ssl_certificate_key /etc/cert/;

    ssl_session_timeout 5m;

    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    index index.html index.htm index.php;
    root /home/wwwroot/;(服务器上相应的目录)

    location ~ .*.(php|php5)?$
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-cgi.sock;
        fastcgi_index index.php;
        include fcgi.conf;

    location /status {
        stub_status on;
        access_log off;

    location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$
        expires 30d;

    location ~ .*.(js|css)?$
        expires 12h;

    access_log /home/wwwlogs/access.log access;

配置结束上传以后用nginx -t 测试下配置无误 就reload一下nginx服务 检查443端口是否在监听

nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful (显示表示配置文件没有错误)

service nginx reload (重新加载nginx服务)
netstat -lan | grep 443 (查看443端口)
tcp 0 0* LISTEN (有看到这一行 就表示HTTPS已经在工作了)