生成SSL证书

OpenSSL是目前最流行的SSL密码库工具，其提供了一个通用、健壮、功能完备的工具套件，用以支持SSL/TLS协议的实现。

1.生成SSL证书

例如生成到：/usr/local/ssl目录下

openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout /usr/local/ssl/nginx.key -out /usr/local/ssl/nginx.crt

2.参数

Generating a 2048 bit RSA private key
....+++
...................................................................+++
writing new private key to './nginx.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
# 国家代号，中国输入CN
Country Name (2 letter code) []:CN
# 省的全名，拼音 
State or Province Name (full name) []:ShangDong
# 市的全名，拼音
Locality Name (eg, city) []:QingDao
# 公司英文名
Organization Name (eg, company) []:PonyCool
# 组织单位名或部门名，可以不输入
Organizational Unit Name (eg, section) []:IT
# 这里是你要申请的网站的域名
Common Name (eg, fully qualified host name) []:nebualhub.ponycool.com
# 电子邮箱，可以不输入
Email Address []: