nginx开启ct(Certificate Transparency)

发布时间: 2016/10/25 0:51:23

nginx 需要安装 nginx-ct 模块, 该模块开发于 2015-05-14, 可运行在 nginx 1.9.0 以上版本.

以下安装方法适用于 ubuntu

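# 安装依赖库 (nginx-ct 依赖 golang)
sudo apt-get install unzip gcc libpcre3-dev zlib1g-dev make golang-go
# 下载安装包
# 注意: 构建前应核对发布方提供的签名/校验和; master.zip 未固定版本,
#       每次下载的内容可能不同, 生产环境建议固定到具体 tag 并校验.
#       openssl 1.0.2a 只是文中示例版本, 实际应使用该系列最新的补丁版本.
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
wget https://nginx.org/download/nginx-1.9.0.tar.gz
wget -O nginx-ct.zip https://github.com/grahamedgecombe/nginx-ct/archive/master.zip
tar zxf openssl-1.0.2a.tar.gz
tar zxf nginx-1.9.0.tar.gz
unzip nginx-ct.zip
# 编译 nginx 、openssl 1.0.2 、 CT module
# 原文换行处缺少行尾 "\", 否则后两行会被当作独立命令执行, configure 也拿不到参数
cd nginx-1.9.0/
./configure --with-http_ssl_module \
    --with-openssl="$(realpath ../openssl-1.0.2a)" \
    --add-module="$(realpath ../nginx-ct-master)"
make
sudo make install
cd ..
# 创建 SSL 目录
sudo mkdir -p /usr/local/nginx/conf/ssl
# 创建 SCTs 目录
sudo mkdir -p /usr/local/nginx/conf/ssl/scts
# 下载 ct-submit, 并且编译 (go build 生成的二进制名与目录名相同: ct-submit-master)
wget -O ct-submit.zip https://github.com/grahamedgecombe/ct-submit/archive/master.zip
unzip ct-submit.zip
cd ct-submit-master/
go build
# 提交证书链到各 CT log, 输出 SCTs (每个 log 一个 .sct 文件):
# 原文使用了中文引号 “ ”, sh 无法识别, 这里改用 ASCII 引号, 并用循环避免重复.
# 参数通过 sh 的位置参数传入而不是拼接到命令字符串里.
# CT log 列表会变化, 提交前请确认目标 log 仍被浏览器接受.
bundle=/usr/local/nginx/conf/ssl/server.crt-bundle
scts_dir=/usr/local/nginx/conf/ssl/scts
while read -r name log; do
  [ -n "$name" ] || continue
  sudo sh -c 'exec ./ct-submit-master "$1" <"$2" >"$3"' sh \
    "$log" "$bundle" "$scts_dir/$name.sct"
done <<'EOF'
aviator   ct.googleapis.com/aviator
pilot     ct.googleapis.com/pilot
rocketeer ct.googleapis.com/rocketeer
digicert  ct1.digicert-ct.com/log
izenpe    ct.izenpe.com
certly    log.certly.io
EOF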
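http {
    server {
        # 推荐用 listen ... ssl 开启 TLS; 单独的 "ssl on;" 指令自 nginx 1.15.0 起已废弃
        listen 443 ssl;
        # server.crt-bundle 同时也是上面提交给 CT log 的证书链文件
        ssl_certificate /usr/local/nginx/conf/ssl/server.crt-bundle;
        # 私钥文件应仅 root 可读
        ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;
        # nginx-ct 模块: 开启 CT, 并从该目录加载静态 SCT (.sct 文件)
        ssl_ct on;
        ssl_ct_static_scts /usr/local/nginx/conf/ssl/scts;
    }
}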
重新加载 nginx 配置 (reload)
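# 先检查配置语法再重载, 避免错误配置导致 nginx 停止服务.
# 源码安装 (前缀 /usr/local/nginx) 默认不带 service 脚本, 没有时可改用
# /usr/local/nginx/sbin/nginx -s reload
sudo /usr/local/nginx/sbin/nginx -t && sudo service nginx reload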