最终实现效果:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-48.png)
具体方法如下:
1、下载自签程序:
https://github.com/FiloSottile/mkcert/releases
根据你的操作系统下载对应文件:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-49.png)
我这里是用的 windows-amd64,下载后将文件改名为mkcert,打开命令行,定位至此目录,输入mkcert -? 可查看帮助:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-50.png)
输入mkcert –install 安装CA证书:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-51.png)
安装成功:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-52.png)
生成自签证书:mkcert 192.168.2.64
这里是你机器的IP
![](https://www.macs.vip/wp-content/uploads/2023/04/image-53.png)
有效期挺长,有两年三个月呢!
查看根证书位置:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-54.png)
![](https://www.macs.vip/wp-content/uploads/2023/04/image-55.png)
将rootCA.pem改名为rootCA.crt,这是公钥,需要发放给访问者安装证书:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-56.png)
访问者安装证书目录需要选择证书存储,然后选“受信任的根证书颁发机构”,再确认即可:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-57.png)
![](https://www.macs.vip/wp-content/uploads/2023/04/image-58.png)
![](https://www.macs.vip/wp-content/uploads/2023/04/image-59.png)
![](https://www.macs.vip/wp-content/uploads/2023/04/image-60.png)
同时,在mkcert执行程序同级目录会有两个证书文件,用于Nginx配置即可:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-61.png)
Nginx相应配置:
server {
listen 443 ssl;
server_name 192.168.2.64;
ssl_certificate cert/192.168.2.64.pem;
ssl_certificate_key cert/192.168.2.64-key.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
root html;
index laoma.html;
}
}
效果:Google浏览器:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-62.png)
360浏览器:
![](https://www.macs.vip/wp-content/uploads/2023/04/image-63.png)