I. Obtaining the SM (Guomi) certificates
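1. After you complete the application process for a 西部GDCA server certificate, downloading the certificate gives you a certificate package that contains the following files:
*.***.com_sign.crt: signing certificate
*.***.com_sign.key: private key of the signing certificate
*.***.com_encrypt.crt: encryption certificate
*.***.com_encryptKeyData.txt: contains the encrypted fragment of the encryption certificate's private key

2. Decrypting the encryption certificate
Decrypt online using the private key encryption/decryption tool (私钥加解密). Create the file *.**.com_encrypt.key and paste the decrypted certificate private key you obtained into it.

II. Deploying the SM nginx

SM OpenSSL and SM Nginx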
gmssl_openssl_1.1_bxx.tar.gz
Seamless SM conversion for nginx; supports nginx 1.6.

Build and deployment, using nginx-1.18.0 as the example

1) Download into /root/:
    wget http://download.myhostadmin.net/gmssl/gmssl_openssl_1.1_b8.tar.gz
2) Extract:
    tar xzfm gmssl_openssl_1.1_b8.tar.gz -C /usr/local
3) Download into /root/:
    wget http://download.myhostadmin.net/gmssl/nginx-1.18.0.zip
4) Extract:
    unzip nginx-1.18.0.zip
Note: pcre-devel may need to be installed first, using yum install pcre-devel.
5) Enter the directory:
    cd /root/nginx-1.18.0
6) Configure the build:
    ./configure \
    --without-http_gzip_module \
    --with-http_ssl_module \
    --with-http_stub_status_module \
    --with-http_v2_module \
    --with-file-aio \
    --with-openssl=/usr/local/gmssl \
    --with-cc-opt="-I/usr/local/gmssl/include" \
    --with-ld-opt="-lm"
7) Build and install:
    make install
8) /usr/local/nginx is the resulting nginx directory.
9) After the build and install complete, cd into /usr/local/nginx/sbin and run ./nginx -t to check that nginx works.

Configuration example (SM, one-way authentication)

*.***.com_sign.crt: signing certificate
*.***.com_sign.key: private key of the signing certificate
*.***.com_encrypt.crt: encryption certificate
*.***.com_encrypt.key: private key of the encryption certificate

    server {
        listen 0.0.0.0:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECC-SM4-GCM-SM3;
        ssl_verify_client off;
        ssl_certificate /usr/local/nginx/conf/*.***.com_sign.crt;
        ssl_certificate_key /usr/local/nginx/conf/*.***.com_sign.key;
        ssl_certificate /usr/local/nginx/conf/*.***.com_encrypt.crt;
        ssl_certificate_key /usr/local/nginx/conf/*.***.com_encrypt.key;
        location / {
            root html;
            index index.html index.htm;
        }
    }

Configuration example (SM/RSA adaptive, one-way authentication)
    server {
        listen 0.0.0.0:443 ssl;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECC-SM4-GCM-SM3;
        ssl_verify_client off;
        ssl_certificate /usr/local/nginx/conf/*.***.com.crt;
        ssl_certificate_key /usr/local/nginx/conf/*.***.com.key;
        ssl_certificate /usr/local/nginx/conf/*.***.com_sign.crt;
        ssl_certificate_key /usr/local/nginx/conf/*.***.com_sign.key;
        ssl_certificate /usr/local/nginx/conf/*.***.com_encrypt.crt;
        ssl_certificate_key /usr/local/nginx/conf/*.***.com_encrypt.key;
        location / {
            root html;
            index index.html index.htm;
        }
    }

Test whether the configuration is correct:
    /usr/local/nginx/sbin/nginx -t
Start nginx:
    /usr/local/nginx/sbin/nginx

III. Access test

1. 360 Enterprise Browser
Settings: open the browser, click the button in the upper-right corner -> "Options" -> "Security settings", and make sure the "Enable SM SSL protocol support" checkbox in the "SM communication protocol" section is ticked.

Original link: https://www.west.cn/faq/list.asp?unid=2513
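A lint for the two configuration examples in section II, added here as an example and not part of the original article or the vendor's tooling: it checks that each ssl_certificate is followed by the key with the same file stem, that both the _sign and _encrypt pairs are present, and that existing key files are owner-only. The function name check_gm_pairs, the /etc/demo paths and the sample config are constructed; it assumes the page's _sign/_encrypt file naming and GNU find.

```shell
#!/bin/sh
# Added example: lint ssl_certificate / ssl_certificate_key pairs in an nginx config.
# Assumes the naming used on this page: <name>_sign.crt/.key and <name>_encrypt.crt/.key.
# check_gm_pairs is a hypothetical helper name. Uses GNU find (-perm /077).
check_gm_pairs() {
    conf=$1; rc=0; sign=0; enc=0
    # Drop comments, put one directive per line, then list cert/key in config order.
    pairs=$(sed 's/#.*//' "$conf" | tr ';{}' '\n\n\n' | awk '
        $1 == "ssl_certificate"     { cert[++c] = $2 }
        $1 == "ssl_certificate_key" { key[++k]  = $2 }
        END {
            n = (c > k) ? c : k
            for (i = 1; i <= n; i++) {
                a = cert[i] ? cert[i] : "-"; b = key[i] ? key[i] : "-"
                print a, b
            }
        }')
    while read -r cert key; do
        [ -n "$cert" ] || continue
        case $cert in
            *_sign.crt)    sign=1 ;;
            *_encrypt.crt) enc=1 ;;
        esac
        # The i-th certificate must be followed by the key with the same file stem.
        if [ "${cert%.crt}" != "${key%.key}" ]; then
            echo "MISMATCH: $cert <-> $key"; rc=1; continue
        fi
        # Private keys (including the hand-made _encrypt.key) must be owner-only.
        if [ -f "$key" ] && [ -n "$(find "$key" -perm /077 2>/dev/null)" ]; then
            echo "PERMS: $key is accessible to group/other"; rc=1
        fi
    done <<EOF
$pairs
EOF
    if [ "$sign" != 1 ] || [ "$enc" != 1 ]; then
        echo "INCOMPLETE: need both a _sign and an _encrypt certificate"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the encrypt key is listed under the sign certificate.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server { listen 443 ssl;
  ssl_certificate /etc/demo/example_sign.crt; ssl_certificate_key /etc/demo/example_encrypt.key;
  ssl_certificate /etc/demo/example_encrypt.crt; ssl_certificate_key /etc/demo/example_encrypt.key; }
EOF
check_gm_pairs "$demo" || true
rm -f "$demo"
```

Run it against the real nginx.conf before nginx -t; a PERMS finding on the pasted _encrypt.key is cleared with chmod 600 on that file.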