sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
sudo service nginx restart
2. 設定Palo Alto Firewall SSL Inbound Inspection
sudo mkdir /etc/nginx/ssl/output
openssl pkcs12 -in nginx.crt -inkey nginx.key -export -out output/nginx.pfx -password pass:xxxxxxxx
cd output
openssl pkcs12 -in nginx.pfx -nokeys -password "pass:xxxxxxxx" -out - 2>/dev/null | openssl x509 -out server.crt
openssl pkcs12 -in nginx.pfx -nocerts -password "pass:xxxxxxxx" -out server.key
3. Enable Anti-Virus/Anti-Spyware
沒有留言:
張貼留言