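I use the free SSL certificate from https://www.startcomca.com/. In 2016 a free certificate could be requested and used for 3 years; whether that still holds when you read this is uncertain. The startssl site is also redesigned frequently, so this tutorial has no screenshots. The steps are described below: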


2. After logging in, find ControlPanel in the navigation bar and open the control panel.

3. Once inside, click Certificates Wizard in the panel to open the certificate wizard.

4. The wizard contains a table. Look for Free User (Not Validated), which should be at the far right of the table. Below it there is a clickable DV SSL Certificate entry; click it.

5. On the next page you are told: Please enter the full hostname for SSL certificate (e.g: mail.domain.com): This means you should enter your domain name. Once the domain is chosen, look further down:

Please submit your Certificate Signing Request (CSR): This asks you to enter your CSR. I recommend generating the CSR on your own server with openssl. Generating it is simple:

openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr

That is all there is to it, provided openssl is already installed.


Enter pass phrase for root.key: ← enter the passphrase created earlier
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:CN ← country code; enter CN for China
State or Province Name (full name) [Some-State]:BeiJing ← full name of the province, in pinyin
Locality Name (eg, city) []:BeiJing ← full name of the city, in pinyin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany Corp. ← company name in English
Organizational Unit Name (eg, section) []: ← organizational unit name
Common Name (eg, YOUR name) []: ← leave blank here
Email Address []:admin@mycompany.com ← email address; anything will do
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ← the same passphrase as above is fine
An optional company name []: ← an optional company name

6. When this finishes, two files are created in the current directory: yourname.key and yourname.csr. Paste the contents of yourname.csr into the Generated by Myself (.cer PEM format certificate) field on the startssl.com site and click Submit.


Your certificate is issued, please click here to download the certificate, the intermediate certificate and the root CA certificate.

And you can retrieve your issued certificate at “Tool Box” – “Certificate List” at any time if you need.
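
Before pointing nginx at the downloaded certificate, it is worth confirming that it was issued for the key created alongside the CSR in step 5. The script below is an added example, not part of the original tutorial: the file names and the example.test subject are constructed, and a self-signed certificate stands in for the one the CA returns.

```shell
#!/bin/sh
# Added example, not from the original tutorial: confirm that the private key,
# the CSR and the issued certificate all carry the same public key.

# pubkey_fp FILE KIND -> SHA-256 of the PEM public key; KIND is key|csr|cert
pubkey_fp() {
    case "$2" in
        key)  pem=$(openssl pkey -in "$1" -pubout) ;;
        csr)  pem=$(openssl req  -in "$1" -noout -pubkey) ;;
        cert) pem=$(openssl x509 -in "$1" -noout -pubkey) ;;
        *)    return 2 ;;
    esac || return 1   # missing or malformed file: no fingerprint at all
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# same_keypair KEY CSR CERT -> exit status 0 only if all three match
same_keypair() {
    k=$(pubkey_fp "$1" key)  || return 1
    r=$(pubkey_fp "$2" csr)  || return 1
    c=$(pubkey_fp "$3" cert) || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# make_sample DIR NAME -> constructed NAME.key/.csr/.crt for the demo below.
# Assumptions: a self-signed certificate stands in for the CA-issued one,
# and -nodes leaves the demo key unencrypted so nothing prompts.
make_sample() (
    umask 077   # keep the private key unreadable to other users
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -signkey "$1/$2.key" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
)

tmp=$(mktemp -d)
make_sample "$tmp" site && make_sample "$tmp" other
if same_keypair "$tmp/site.key" "$tmp/site.csr" "$tmp/site.crt"; then
    echo "OK: site.crt matches site.key and site.csr"
fi
if ! same_keypair "$tmp/site.key" "$tmp/site.csr" "$tmp/other.crt"; then
    echo "MISMATCH: other.crt was issued for a different key"
fi
rm -rf "$tmp"
```

With a passphrase-protected key such as the one created in step 5, openssl pkey asks for the passphrase before printing the public key.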





Nginx SSL deployment demo:

server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen       443 ssl;
        server_name  api.form1.com;
        ssl_certificate      server.crt;  # your certificate (crt)
        ssl_certificate_key  server.key;  # your private key
        ssl_session_timeout  10m;
        # TLS 1.0 is deprecated (RFC 8996); allow TLS 1.2 and 1.3 only
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        location / {
            root   /var/www/web;
            index  index.html index.htm index.php;
            # send requests for files that do not exist to index.php
            if (!-e $request_filename) {
                rewrite  ^/(.*)index.php(.*)$  $1/index.php?s=$2  last;
                rewrite  ^(.*)$  /index.php?s=$1  last;
            }
            proxy_headers_hash_max_size 51200;
            proxy_headers_hash_bucket_size 6400;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
        location ~ \.php($|/index.php) {
            root           /var/www/web;
            # a fastcgi_pass directive pointing at your PHP backend is also needed here
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
}