我想在 Nginx 下为我的网站提供 ssl 支持。
首先,我尝试使用自签名证书,但如您所知,浏览器抱怨说
此连接不受信任
其次,我尝试从知名证书颁发机构 (symantec.com) 订购免费证书。但它以形式向我发送了一份证书:
-----BEGIN CERTIFICATE----- MIIFhzCCBG+gAwIBAgIQIe7e9lh4GqB0cr9kdPKPbjANBgkqhkiG9w0BAQUFADCB yzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL EydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4xQjBABgNV BAsTOVRlcm1zIG9mIHVzZSBhdCBodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3Bz L3Rlc3RjYSAoYykwOTEtMCsGA1UEAxMkVmVyaVNpZ24gVHJpYWwgU2VjdXJlIFNl cnZlciBDQSAtIEcyMB4XDTEzMDcwNTAwMDAwMFoXDTEzMDgwNDIzNTk1OVowgasx CzAJBgNVBAYTAlVBMQ0wCwYDVQQIEwRLeWl2MQ0wCwYDVQQHFARLeWl2MQ0wCwYD VQQKFARVSUlQMRgwFgYDVQQLFA9zeXN0ZW0gYW5hbHlzaXMxOjA4BgNVBAsUMVRl cm1zIG9mIHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EgKGMpMDUx GTAXBgNVBAMUEGVmaWxpbmcudWlwdi5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDOq5JajVn8VEINqH6N61f8BwS3M2U9mIcwGt7Q829f+RaYqcF/ /+2+Zzmv72Hismgo6cu5N/ONtEBpJ69zkDjC9vD3IluCSimtu9CyMfG0z+V4tRr8XxmdMnzSJNs+aBxM+ljODVuYjQ5r2YCsPl/GeVAHn41Qa76m0Efz1+XgfsmoSxSe hhwBB7upJ1YvalRRvcGFGmqMQFiy2+8g/l3gCAuCgt+qniEoyNnOGWArkMm5pNUN v0ciaDr8OTzBCx+RvI5sUA2+iM4mm7Jl7i9oKO6YvcXhpIBOHQDFuGkF5IEoyKAC 1ioBByqN9OT5UicTY25PddE133WU0gN1cBwXAgMBAAGjggGDMIIBfzAbBgNVHREE FDASghBlZmlsaW5nLnVpcHYub3JnMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgWg MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9TVlJUcmlhbC1HMi1jcmwudmVyaXNp Z24uY29tL1NWUlRyaWFsRzIuY3JsMEoGA1UdIARDMEEwPwYKYIZIAYb4RQEHFTAx MC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzL3Rlc3Rj YTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUKBcT ir3WorXcBiy3to7aEGZgbuUwdAYIKwYBBQUHAQEEaDBmMCQGCCsGAQUFBzABhhho dHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9TVlJU cmlhbC1HMi1haWEudmVyaXNpZ24uY29tL1NWUlRyaWFsRzIuY2VyMA0GCSqGSIb3DQEBBQUAA4IBAQC4SQgLwIcrsvrdQlEpP3kQFJMtPBeoYPYouMfT/Fa4VtsL8Vxi 0YqGY8MGXPeESCqEFSciD8ZTaUvbMqaZe/iBPpsyLBpI2+aeksJBwMYtRLASCzIG -----结束证书-----
但是 Nginx 需要是 .key 和 .cer 文件。
有什么建议如何从知名 CA 获得免费证书(.key 和 .cer 文件)?