1.使用keytool生成keystore证书

keytool -genkeypair -alias dxxvue -keyalg RSA -keysize 2048 -validity 3650 -keypass 123456 -storepass 123456 -keystore E:\cert\ssl\zkr.keystorekeytool -importkeystore -srckeystore E:\cert\ssl\zkr.keystore -destkeystore E:\cert\ssl\zkr.p12 -srcstoretype JKS -deststoretype PKCS12keytool -exportcert -file E:\cert\ssl\zkr.cer -alias dxxvue -keystore E:\cert\ssl\zkr.keystore -storepass 123456

2.使用OpenSSL提供公钥私钥

ps:openssl下载地址:/products/Win32OpenSSL.html

安装完成后打开Openssl Command Prompt

openssl x509 -inform der -in E:\cert\ssl\zkr.cer -out E:\cert\ssl\zkr.pemopenssl pkcs12 -nocerts -nodes -in E:\cert\ssl\zkr.p12 -out E:\cert\ssl\zkr.key

3.将.pem和.key文件放至nginx/config(也可其他路径)下

4.修改nginx.conf

listen 8085 ssl;server_name 机器IP;ssl_certificate /usr/local/nginx-1.20.1/conf/zkr.pem;ssl_certificate_key /usr/local/nginx-1.20.1/conf/zkr.key;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;ssl_ciphers HIGH:!aNULL:!MD5;ssl_prefer_server_ciphers on;# http访问时,497状态码,强转https# http发送post请求时,302重定向会导致post转get,故302 => 307(根据实际情况判断301还是302)error_page 497 302 =307 https://$host:$server_port$uri$is_args$args;