1.证书准备

下载CA证书,在此我下载下来的文件是IntermediateCA.cer和ssl_certificate.cer

2.Key证书转换

openssl pkcs12 -in domain_name_privatekey.p12 -out domain_name.key -nocerts -nodes

3.生成CRT证书

cat ssl_certificate.cer IntermediateCA.cer >> domain_name.crt

4.nginx配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
server {
    listen       80;
    server_name  www.domain.com;
    rewrite ^(.*)$  https://$host$1 permanent;
}
server {
    listen 443;
    server_name www.domain.com;
    ssl on;
    ssl_certificate /path/domain_name.crt;
    ssl_certificate_key /path/domain_name.key;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        root /data/web/www;
        index index.html;
    }
}

5.如果有后台API,需要视情况升级修改。