pfx格式证书转成nginx可用的证书

1.先下载并安装 openssl:

    下载地址:http://slproweb.com/products/Win32OpenSSL.html

    安装说明:https://blog.csdn.net/qq_39081974/article/details/81059022

2.转换证书:

openssl pkcs12 -in ./hengda.pfx -clcerts -nokeys -out hengda.crt
openssl pkcs12 -in ./hengda.pfx -nocerts -nodes -out hengda.rsa

3.验证证书是否有效：

openssl s_server -www -accept 443 -cert hengda.crt -key hengda.rsa

4.配置nginx:

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;


    # HTTPS server
    #
    server {
        listen       443 ssl;
        server_name  localhost;
        #ssl_certificate      cert.pem;
        ssl_certificate      ./csr/hengda.crt;
        ssl_certificate_key  ./csr/hengda.rsa;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            proxy_pass         http://mybips.com;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
    }

}