# Self-signing a private HTTPS SSL certificate for development with openssl

###### tags: `openssl` `ssl`

During development you often need to work in an HTTPS environment. This note uses openssl to generate the SSL certificate.

### 1. First, create ssl.conf

```
# ssl.conf
[req]
prompt = no
default_md = sha256
default_bits = 2048
distinguished_name = dn
x509_extensions = v3_req

[dn]
C = TW
ST = Taiwan
L = Taipei
OU = Traffic
emailAddress = your_email@google.com
CN = Google Corp.

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = *.localhost
DNS.2 = localhost
DNS.3 = *.azurewebsites.net
IP.1 = 127.0.0.1
# Replace "your ip" with your machine's IP address
IP.2 = your ip
```

Chrome rejects any origin that is not listed in `[alt_names]`, so make sure every host name and IP address you will browse to is written there.

### 2. Sign the certificate with an OpenSSL command

```
openssl req -x509 -new -nodes -sha256 -utf8 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt -config ssl.conf
```

After running it, two files are generated: the certificate `server.crt`, which carries the public key, and the private key `server.key`.

### 3. nginx `default.conf` configuration

```
server {
    listen 443 ssl;

    # Paths to the certificate and the key
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/certs/server.key;

    location / {
        root /usr/share/nginx/html/;
        index index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}
```

That's all there is to it. The site under development can now be reached over https.
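
The script below is an added example, not part of the original post: it checks a certificate's subjectAltName against the addresses you plan to open, which is the condition step 1 says Chrome enforces. The helper names (`san_covers`, `report`, `make_test_cert`), the `dev-test` CN and the address `192.168.1.50` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that every address you will browse to is covered by
# the certificate's subjectAltName before nginx starts serving it.

# san_covers CERT NAME: exit 0 if NAME matches a SAN entry in CERT.
san_covers() {
  case $2 in
    *:*)        san_flag=-checkip ;;    # IPv6 literal
    *[!0-9.]*)  san_flag=-checkhost ;;  # anything else with a non-digit is a DNS name
    *)          san_flag=-checkip ;;    # digits and dots only: IPv4 literal
  esac
  openssl x509 -in "$1" -noout "$san_flag" "$2" | grep -q 'does match certificate'
}

# report CERT NAME...: print one line per name; exit status = number of misses.
report() {
  rep_cert=$1; rep_missing=0; shift
  for rep_name in "$@"; do
    if san_covers "$rep_cert" "$rep_name"; then
      echo "ok       $rep_name"
    else
      echo "MISSING  $rep_name"; rep_missing=$((rep_missing + 1))
    fi
  done
  return "$rep_missing"
}

# make_test_cert DIR: constructed throwaway certificate using the same
# [alt_names] layout as ssl.conf (sample values, valid for one day).
make_test_cert() {
  printf '%s\n' '[req]' 'prompt = no' 'default_md = sha256' \
    'distinguished_name = dn' 'x509_extensions = v3_req' \
    '[dn]' 'CN = dev-test' \
    '[v3_req]' 'subjectAltName = @alt_names' \
    '[alt_names]' 'DNS.1 = localhost' 'DNS.2 = *.azurewebsites.net' \
    'IP.1 = 127.0.0.1' > "$1/ssl.conf"
  openssl req -x509 -new -nodes -sha256 -days 1 -newkey rsa:2048 \
    -keyout "$1/server.key" -out "$1/server.crt" \
    -config "$1/ssl.conf" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_test_cert "$demo_dir"
# 192.168.1.50 stands in for a LAN address that was left out of [alt_names]
report "$demo_dir/server.crt" localhost myapp.azurewebsites.net 127.0.0.1 192.168.1.50 || true
rm -rf "$demo_dir"
```

To check the certificate from step 2, call `report server.crt` followed by the hosts you use. The match is done by OpenSSL's own hostname matcher, so a browser may treat a wildcard entry differently.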