1.1. 步骤
1.2. 申请证书
证书类型分为DV、OV、EV这三种,这三种有什么区别?
<span class="hljs-deletion">- DV(域名型SSL):个人站点、iOS应用分发站点、登陆等单纯https加密需求的链接; <span class="hljs-deletion">- OV(企业型SSL):企业官网; <span class="hljs-deletion">- EV(增强型SSL):对安全需求更强的企业官网、电商、互联网金融网站; </span></span></span><span class="hljs-deletion">- DV(域名型SSL):个人站点、iOS应用分发站点、登陆等单纯https加密需求的链接; <span class="hljs-deletion">- OV(企业型SSL):企业官网; <span class="hljs-deletion">- EV(增强型SSL):对安全需求更强的企业官网、电商、互联网金融网站; </span></span></span>
- DV(域名型SSL):个人站点、iOS应用分发站点、登陆等单纯https加密需求的链接; - OV(企业型SSL):企业官网; - EV(增强型SSL):对安全需求更强的企业官网、电商、互联网金融网站;
SSL证书的部署类型又分为了单域名、多域名、通配符等类型,比如使用的是OV通配符证书,也就是一张证书可以保护 *.baidu.com 下的所有二级子域名
1.3. 安装证书
根据你Web服务器的不同种类一般证书也会分为多种,请根据自己的实际情况下载安装,一般的常见的Web服务器分为Nginx、Apache、Tomcat、IIS 6、IIS 7/8这几种
<span class="hljs-section">server { <span class="hljs-attribute">listen <span class="hljs-number">443; <span class="hljs-attribute">server_name 你网站的域名; <span class="hljs-attribute">ssl <span class="hljs-literal">on; <span class="hljs-attribute">root html; <span class="hljs-attribute">index index.html index.htm; <span class="hljs-attribute">ssl_certificate cert/你的证书文件名.pem; <span class="hljs-attribute">ssl_certificate_key cert/你的证书文件名.key; <span class="hljs-attribute">ssl_session_timeout <span class="hljs-number">5m; <span class="hljs-attribute">ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; <span class="hljs-attribute">ssl_protocols TLSv1 TLSv1.<span class="hljs-number">1 TLSv1.<span class="hljs-number">2; <span class="hljs-attribute">ssl_prefer_server_ciphers <span class="hljs-literal">on; <span class="hljs-attribute">location / { <span class="hljs-attribute">root html; <span class="hljs-attribute">index index.html index.htm; } } </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span><span class="hljs-section">server { <span class="hljs-attribute">listen <span class="hljs-number">443; <span class="hljs-attribute">server_name 你网站的域名; <span class="hljs-attribute">ssl <span class="hljs-literal">on; <span class="hljs-attribute">root html; <span class="hljs-attribute">index index.html index.htm; <span class="hljs-attribute">ssl_certificate cert/你的证书文件名.pem; <span class="hljs-attribute">ssl_certificate_key cert/你的证书文件名.key; <span class="hljs-attribute">ssl_session_timeout <span class="hljs-number">5m; <span class="hljs-attribute">ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; <span class="hljs-attribute">ssl_protocols TLSv1 TLSv1.<span class="hljs-number">1 TLSv1.<span class="hljs-number">2; <span class="hljs-attribute">ssl_prefer_server_ciphers <span class="hljs-literal">on; <span class="hljs-attribute">location / { <span class="hljs-attribute">root html; <span class="hljs-attribute">index index.html index.htm; } } </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span>server { listen 443; server_name 你网站的域名; ssl on; root html; index index.html index.htm; ssl_certificate cert/你的证书文件名.pem; ssl_certificate_key cert/你的证书文件名.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { root html; index index.html index.htm; } }
重启Nginx,这时候你的站点应该就已经可以通过https方式访问了
重启 Apache
Tomcat 支持JKS格式证书,但从Tomcat7开始也支持PFX格式证书,两种格式任选其一
如果是PFX证书
<span class="hljs-attr">keystoreFile=<span class="hljs-string">"cert/你的证书文件名.pfx" <span class="hljs-attr">keystoreType=<span class="hljs-string">"PKCS12" <span class="hljs-attr">keystorePass=<span class="hljs-string">"证书密码" </span></span></span></span></span></span><span class="hljs-attr">keystoreFile=<span class="hljs-string">"cert/你的证书文件名.pfx" <span class="hljs-attr">keystoreType=<span class="hljs-string">"PKCS12" <span class="hljs-attr">keystorePass=<span class="hljs-string">"证书密码" </span></span></span></span></span></span>
keystoreFile="cert/你的证书文件名.pfx" keystoreType="PKCS12" keystorePass="证书密码"
如果是JKS证书
<span class="hljs-attr">keystoreFile=<span class="hljs-string">"cert/你的证书文件名.jks" <span class="hljs-attr">keystorePass=<span class="hljs-string">"证书密码" </span></span></span></span><span class="hljs-attr">keystoreFile=<span class="hljs-string">"cert/你的证书文件名.jks" <span class="hljs-attr">keystorePass=<span class="hljs-string">"证书密码" </span></span></span></span>
keystoreFile="cert/你的证书文件名.jks" keystorePass="证书密码"
重启Tomcat
1.4. 设置跳转
网站这个时候http和https同时都能够访问。这就需要设置跳转了,使http请求通过301 redirect到https上去
<span class="hljs-section">server { <span class="hljs-attribute">listen <span class="hljs-number">80; <span class="hljs-attribute">server_name 您的域名; <span class="hljs-attribute">return <span class="hljs-number">301 https://<span class="hljs-variable">$server_name<span class="hljs-variable">$request_uri; } </span></span></span></span></span></span></span></span><span class="hljs-section">server { <span class="hljs-attribute">listen <span class="hljs-number">80; <span class="hljs-attribute">server_name 您的域名; <span class="hljs-attribute">return <span class="hljs-number">301 https://<span class="hljs-variable">$server_name<span class="hljs-variable">$request_uri; } </span></span></span></span></span></span></span></span>server { listen 80; server_name 您的域名; return 301 https://$server_name$request_uri; }
新建.htaccess
<span class="hljs-attribute">RewriteEngine <span class="hljs-literal">On <span class="hljs-attribute">RewriteCond <span class="hljs-variable">%{SERVER_PORT} <span class="hljs-number">80 <span class="hljs-attribute">RewriteRule ^(.*)$ https://<span class="hljs-variable">%{HTTP_HOST}/$<span class="hljs-number">1</span></span></span></span></span></span></span></span><span class="hljs-attribute">RewriteEngine <span class="hljs-literal">On <span class="hljs-attribute">RewriteCond <span class="hljs-variable">%{SERVER_PORT} <span class="hljs-number">80 <span class="hljs-attribute">RewriteRule ^(.*)$ https://<span class="hljs-variable">%{HTTP_HOST}/$<span class="hljs-number">1</span></span></span></span></span></span></span></span>RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1
在conf/web.xml中的前加入
原文链接:https://www.cnblogs.com/zhao907/p/14948916.html
© 版权声明
声明📢本站内容均来自互联网,归原创作者所有,如有侵权必删除。
本站文章皆由CC-4.0协议发布,如无来源则为原创,转载请注明出处。
THE END
