1 Download the code
git clone https://github.com/guanzhi/GmSSL.git
2 Build and install GmSSL
cd GmSSL
./config no-shared
make
sudo make install
3 Extract the public key (certificate) from the GM (SM2) pfx certificate
openssl pkcs12 -in operator.p12 -clcerts -nokeys -out operator.pem
4 Download nginx
http://nginx.org/download/nginx-1.20.1.tar.gz
5 Install the third-party packages
sudo apt-get install libpcre3 libpcre3-dev
sudo apt-get install zlib1g-dev
6 Build nginx, statically linking GmSSL
./configure --with-http_ssl_module --with-openssl="/software/GmSSL" --with-cc-opt="-I/software/GmSSL/include"
make
make install
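At this point the install directory is /usr/local
7 Apply for an SM2 certificate at
https://gmssl.cn/gmssl/index.jsp
Edit the nginx configuration file and add the following configuration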
server
{
    listen 0.0.0.0:443 ssl;
    # TLSv1, TLSv1.1 and DES-CBC3-SHA are legacy; drop them unless old clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3;
    ssl_verify_client off;
    # SM2 signing certificate and its private key
    ssl_certificate /usr/local/nginx/conf/key/sm2.tianjian.sig.crt.pem;
    ssl_certificate_key /usr/local/nginx/conf/key/sm2.tianjian.sig.key.pem;
    # SM2 encryption private key and its certificate
    ssl_certificate_key /usr/local/nginx/conf/key/sm2.tianjian.enc.key.pem;
    ssl_certificate /usr/local/nginx/conf/key/sm2.tianjian.enc.crt.pem;
    location /
    {
        root html;
        index index.html index.htm;
    }
}
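The server block above lists its certificate and key directives in mixed order; nginx matches the Nth ssl_certificate with the Nth ssl_certificate_key, so a swapped line silently pairs the signing certificate with the encryption key. The script below is an added example, not part of the original post: it checks that pairing before a reload. The helper names are hypothetical and it assumes the ".sig." / ".enc." file-name tags used on this page.

```shell
# Added example (hypothetical helper names): lint sig/enc pairing in an nginx config.
# Read a config on stdin; print "cert key" per index, "-" where one is missing.
list_pairs() {
    awk '
        { sub(/#.*/, "") }    # ignore comments
        $1 == "ssl_certificate"     { sub(/;$/, "", $2); cert[++nc] = $2 }
        $1 == "ssl_certificate_key" { sub(/;$/, "", $2); key[++nk] = $2 }
        END {
            n = (nc > nk) ? nc : nk
            for (i = 1; i <= n; i++)
                printf "%s %s\n", ((i in cert) ? cert[i] : "-"), ((i in key) ? key[i] : "-")
        }'
}

# Role from the file name (assumed convention: ".sig." / ".enc." as on this page).
role_of() {
    case "$1" in
        *.sig.*) echo sig ;;
        *.enc.*) echo enc ;;
        *)       echo untagged ;;
    esac
}

# Exit status 0 only if every certificate has a key with the same role.
check_pairs() {
    list_pairs | {
        rc=0
        while read -r cert key; do
            if [ "$cert" = "-" ] || [ "$key" = "-" ]; then
                echo "UNPAIRED $cert $key"; rc=1
            elif [ "$(role_of "$cert")" != "$(role_of "$key")" ]; then
                echo "MISMATCH $cert <-> $key"; rc=1
            else
                echo "ok       $cert <-> $key"
            fi
        done
        [ "$rc" -eq 0 ]
    }
}

# Constructed sample: the certificate and key lines from the server block above.
sample_conf() {
    cat <<'EOF'
ssl_certificate /usr/local/nginx/conf/key/sm2.tianjian.sig.crt.pem;
ssl_certificate_key /usr/local/nginx/conf/key/sm2.tianjian.sig.key.pem;
ssl_certificate_key /usr/local/nginx/conf/key/sm2.tianjian.enc.key.pem;
ssl_certificate /usr/local/nginx/conf/key/sm2.tianjian.enc.crt.pem;
EOF
}
sample_conf | check_pairs
```

To check a real file, feed it on stdin: check_pairs < /usr/local/nginx/conf/nginx.conf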