Using a PFX-format SSL certificate in nginx

Source: Internet  Published by: 保定网络优化公司  Editor: 程序博客网  Time: 2024/05/20 06:52

For the original post and more articles, see the author's personal blog: http://heartlifes.com

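First, nginx must be compiled and installed with the SSL module (--with-http_ssl_module).
Upload the SSL certificate to the server as /usr/local/nginx/ssl/xxx.pfx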

Generate the certificate (crt) and key files

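openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -clcerts -nokeys -out /usr/local/nginx/ssl/xxx.crt
openssl pkcs12 -in /usr/local/nginx/ssl/xxx.pfx -nocerts -nodes -out /usr/local/nginx/ssl/xxx.rsa

The -nodes option writes the private key to xxx.rsa unencrypted, so keep that file readable only by the user that starts nginx.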

Verify that the certificate is correct

openssl s_server -www -accept 443 -cert /usr/local/nginx/ssl/xxx.crt -key /usr/local/nginx/ssl/xxx.rsa

Configure nginx

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name localhost;

    ssl_certificate     /usr/local/nginx/ssl/xxx.crt;
    ssl_certificate_key /usr/local/nginx/ssl/xxx.rsa;
    ssl_session_timeout 5m;

    # SSLv2, SSLv3 and TLSv1 are obsolete; allow only TLS 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # Exclude anonymous, export-grade and other weak cipher suites
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location ~ /api/(.*) {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Ssl on;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # serverAPI must be defined as an upstream block elsewhere in the configuration
        proxy_pass http://serverAPI;
    }
}
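
The extraction and verification steps above can be combined into one script that also confirms the extracted certificate and key belong together before nginx is reloaded. This is an added example, not code from the original post; the function names and the PFX_PASS environment variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the PFX import password is
# exported as PFX_PASS (hypothetical variable name) so it never appears in argv.

# cert_key_match CRT KEY: succeeds only if both files hold the same public key.
cert_key_match() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# pfx_extract PFX OUTDIR: writes OUTDIR/<name>.crt and OUTDIR/<name>.rsa.
pfx_extract() {
    pfx=$1; out=$2; base=$(basename "$pfx" .pfx)
    [ -n "${PFX_PASS+x}" ] || { echo "PFX_PASS is not set" >&2; return 2; }
    mkdir -p "$out" || return 2
    (
        umask 077  # -nodes writes the key unencrypted: owner-only from creation
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys \
            -out "$out/$base.crt" &&
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes \
            -out "$out/$base.rsa"
    ) 2>/dev/null || { echo "extraction failed (wrong password?)" >&2; return 2; }
    chmod 600 "$out/$base.rsa"
    cert_key_match "$out/$base.crt" "$out/$base.rsa" ||
        { echo "certificate and key do not match" >&2; return 1; }
    # -checkend N fails if the certificate expires within N seconds (30 days here)
    openssl x509 -in "$out/$base.crt" -noout -checkend 2592000 >/dev/null ||
        echo "warning: certificate expires within 30 days" >&2
    return 0
}

# Stand-alone use: PFX_PASS=... sh script.sh /usr/local/nginx/ssl/xxx.pfx /usr/local/nginx/ssl
if [ "$#" -eq 2 ]; then pfx_extract "$1" "$2"; fi
```

A non-zero exit status means the files should not be deployed; run nginx -t after a successful extraction to check the configuration itself.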