Shulou(Shulou.com)05/31 Report--

This article mainly explains "Nginx how to configure SSL certificate to deploy HTTPS website", interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "Nginx how to configure SSL certificates to deploy HTTPS website"!

Issue your own ssl certificates that are not trusted by browsers

Issue manually

Xshell logs in to the server and uses openssl to generate rsa keys and certificates

# generate a rsa key $openssl genrsa-des3-out tfjybj.key 102 copy a key file $openssl rsa-in dmsdbj.key-out tfjybj_nopass.key# that does not require a password to generate a certificate request $openssl req-new-key tfjybj.key-out tfjybj.csr

You will be prompted to enter province, city, domain name and other information. Email must be a domain name suffix. This generates a csr file that is the same csr file when submitted to the ssl provider.

(since I don't have a screenshot here, I found a picture from the Internet. What I need to replace is the following 33iq and replace it with tfjybj.)

When you enter the password in the middle, there is nothing to show, but just type it.

# issue your own certificate $openssl x509-req-days 365-in tfjybj.csr-signkey tfjybj.key-out tfjybj.crt

Put the generated certificate in the same level directory of the nginx configuration file

Nginx configuration

Edit nginx configuration file nginx.conf, add https protocol

Server {server_name tfjybj.com; listen 443; ssl on; ssl_certificate / usr/local/nginx/conf/tfjybj.crt; ssl_certificate_key / usr/local/nginx/conf/tfjybj_nopass.key; # if ssl_certificate_key uses tfjybj.key, the password of key is required each time you start the nginx server. (I don't know at first. I wonder why I have to enter a password to start nginx and turn off nginx.)}

Restart nginx

The ssl certificate issued by yourself can achieve the function of encrypted transmission, but the browser does not trust it and will give a prompt:

Issue a certificate through a third party-Aliyun

Issue a certificate

Log in to the Ali Cloud Management console, select "Certificate Service" from the "Cloud Shield" menu, and select "purchase Certificate".

I got the free version of the test, after the application, after a day or two of review, and then you can download the certificate. After downloading and decompressing, there are two files, one is the end of key, the private key, and the other is the end of pem, which is the public key.

Configure nginx

Document description:

The certificate file "the name of the requested certificate. Pem" contains two paragraphs. Please do not delete any of them.

If it is the csr created by the certificate system, it also contains the certificate private key file "the name of the requested certificate. Key".

(1) create the cert directory under the installation directory of nginx and copy all the downloaded files to the cert directory. If you created the csr file when you applied for the certificate, put the corresponding private key file in the cert directory and name it "name of the requested certificate .key"

(2) Open the nginx.conf file in the conf directory under the nginx installation directory and find:

# https server# # server {# listen 443 × # server_name localhost;# ssl on;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_timeout 5m export56 rc4mm ssl_protocols sslv2 sslv3 tlsv1;# ssl_ciphers / {# #} #}

(3) modify it to (the attributes that begin with ssl in the following attributes are directly related to the certificate configuration. Copy or adjust other attributes according to your actual situation):

Server {listen 443; the name of the certificate requested by server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/. Pem; the name of the certificate requested by ssl_certificate_key cert/. Key; ssl_session_timeout 5m; ssl_ciphers ECDHEL RSAE128WAE128WAE128MUBE GCM Sha256 VOLECDHREL ECDHULV Index index.html index.htm;}}

Save exit.

(4) restart nginx.

(5) visit your site through https

At this point, I believe that everyone on the "Nginx how to configure SSL certificate deployment HTTPS website" have a deeper understanding, might as well to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.