linux系统自签发免费ssl证书，为nginx生成自签名ssl证书

安装nginx可参考：
nginx重新编译支持ssl可参考：
接下来手动配置ssl证书：
自己手动颁发证书的话，那么https是不被浏览器认可的，就是https上面会有一个大红叉
下面是手动颁发证书的操作

切换到nginx配置文件

# cd /usr/local/nginx/conf

创建配置证书目录

# mkdir ssl
# cd ssl

1.生成私钥

openssl genrsa -des3 -out cert.key 1024   #生成1024的证书私钥
Generating RSA private key, 1024 bit long modulus
............++++++
......................++++++
e is 65537 (0x10001)
Enter pass phrase for cert.key:  #提示输入密码
Verifying - Enter pass phrase for cert.key:  #确认密码

2.创建证书请求

#  openssl req -new -key cert.key -out cert.csr
Enter pass phrase for cert.key:   #输入密码
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:cn   #国家
State or Province Name (full name) [Some-State]:shanghai #省份
Locality Name (eg, city) []:shanghai  #地区名字
Organization Name (eg, company) [Internet Widgits Pty   Ltd]:westos   #公司名
Organizational Unit Name (eg, section) []:linux  #部门
Common Name (e.g. server FQDN or YOUR name) []:server #CA主机名
Email Address []:root@server  #邮箱

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456  #证书请求密钥，CA读取证书的时候需要输入密码
An optional company name []:123456  #公司名称，CA读取证书的时候需要输入名称

# cp cert.key cert.key.bak

# openssl rsa -in cert.key.bak -out cert.key
Enter pass phrase for cert.key.bak:    #输入密码
writing RSA key

3.自签署证书

[p]·```
#openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.pem
Signature ok[url=mailto:br/>subject=/C=cn/ST=shanghai/L=shanghai/O=westos/OU=linux/CN=server/emailAddress=root@serversubject=/C=cn/ST=shanghai/L=shanghai/O=westos/OU=linux/CN=server/emailAddress=root@server