nginx开启ct(Certificate Transparency) – HTTPS SSL 教程
admin- 首页
- 证书相关
- nginx开启ct(Certificate Transparency) – HTTPS SSL 教程
nginx开启ct(Certificate Transparency) – HTTPS SSL 教程
发布日期:2017-02-19nginx需要安装nginx-ct模块, 该模块开发与2015-05-14 可运行在 nginx 1.9.0以上版本.
以下安装方法适用于 ubuntu
# 安装依赖库 (nginx-ct 依赖golang)
sudo apt-get install unzip gcc libpcre3-dev zlib1g-dev make golang-go #下载安装包 wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz wget http://nginx.org/download/nginx-1.9.0.tar.gz wget -O nginx-ct.zip https://github.com/grahamedgecombe/nginx-ct/archive/master.zip tar zxf openssl-1.0.2a.tar.gz tar zxf nginx-1.9.0.tar.gz unzip nginx-ct.zip # 编译 nginx 、openssl 1.0.2 、 CT module cd nginx-1.9.0/ ./configure --with-http_ssl_module --with-openssl=`realpath ../openssl-1.0.2a` --add-module=`realpath ../nginx-ct-master` make sudo make install cd .. # 创建SSL目录 sudo mkdir /usr/local/nginx/conf/ssl
# 创建 SCTs 目录sudo mkdir /usr/local/nginx/conf/ssl/scts# 下载nginx-ct ,并且编译wget -O ct-submit.zip https://github.com/grahamedgecombe/ct-submit/archive/master.zipunzip ct-submit.zipcd ct-submit-master/go build# 提交证书链log 输出 SCTs:sudo sh -c “./ct-submit-master ct.googleapis.com/aviator </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/aviator.sct”sudo sh -c “./ct-submit-master ct.googleapis.com/pilot </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/pilot.sct”sudo sh -c “./ct-submit-master ct.googleapis.com/rocketeer </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/rocketeer.sct”sudo sh -c “./ct-submit-master ct1.digicert-ct.com/log </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/digicert.sct”sudo sh -c “./ct-submit-master trustauth.cn </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/izenpe.sct”sudo sh -c “./ct-submit-master log.certly.io </usr/local/nginx/conf/ssl/server.crt-bundle >/usr/local/nginx/conf/ssl/scts/certly.sct”
http {
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/ssl/server.crt-bundle;
ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
ssl_ct on;
ssl_ct_static_scts /usr/local/nginx/conf/ssl/scts;
}
}
重新启动nginx
service nginx reload
标签: ssl证书教程
上一篇:使用程序强制跳转到HTTPS – HTTPS SSL 教程
下一篇:Nginx 自动跳转到HTTPS – HTTPS SSL 教程
相关新闻
- SSL证书对网站访问速度有影响吗
- 个人隐私数据泄露有哪些危害?如何预防?
- 部署SSL证书有哪些常见的错误
- 国际证书、国产证书和国密证书
- 游戏开发为什么离不开代码签名?
- 僵尸网络攻击手法与防范方式
- SSL证书助力保障网络数据安全
- 网站加密与不加密区别
- SSL证书有哪些类型和价格差异
- ca机构颁发的证书包括那些内容呢?
