2022年8月7日 星期日

建立自行簽署的SSL憑證,Nginx設定HTTPS + 設定Palo Alto Firewall SSL Inbound Inspection + Enable Anti-Virus/Anti-Spyware

1. 建立自行簽署的SSL憑證,Nginx設定HTTPS

sudo mkdir /etc/nginx/ssl

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt


sudo vi /etc/nginx/sites-available/default











sudo service nginx restart

2. 設定Palo Alto Firewall SSL Inbound Inspection

sudo mkdir /etc/nginx/ssl/output

openssl pkcs12 -in nginx.crt -inkey nginx.key -export -out output/nginx.pfx -password pass:xxxxxxxx

cd output

openssl pkcs12 -in nginx.pfx -nokeys -password "pass:xxxxxxxx" -out - 2>/dev/null | openssl x509 -out server.crt

openssl pkcs12 -in nginx.pfx -nocerts -password "pass:xxxxxxxx" -out server.key




























3. Enable Anti-Virus/Anti-Spyware

沒有留言:

張貼留言