Shulou(Shulou.com)06/02 Report--

1. Generate a self-signed ssl certificate

Mkdir / ssl

Create a folder for ssl certificates

Openssl genrsa-des3-out domain.key 1024

# generate RSA key (process requires setting a password, remember this password)

Openssl rsa-in ylc520.key-out ylc520_nopass.key

# copy a key file that does not require a password

Openssl req-new-key domain.key-out domain.csr

# generate a certificate request

Here you will be prompted to enter country, regional organization, email and other information. The most important one is common name, which needs to be the same as the website domain name.

Enter pass phrase for domain.key: # previously set password

Country Name (2 letter code) [XX]: CN # country

State or Province Name (full name) []: Jilin # region or province

Locality Name (eg, city) [Default City]: local name of Changchun # region

Organization Name (eg, company) [Default Company Ltd]: name of Python # organization

Organizational Unit Name (eg, section) []: Python # organizational unit name

Common Name (eg, your name or your server's hostname) []: domain name of ylc520.f3322.net # website

Email Address []: 123@domain.com # mailbox

A challenge password []: # Private key protection password, you can enter directly

An optional company name []: # an optional company name, you can enter directly

After entering these, a ylc520.csr file is generated, which is the csr file when submitted to the ssl provider. Of course, here did not apply to any certificate provider, but issued their own certificate.

Openssl x509-req-days 365-in ylc520.csr-signkey ylc520.key-out ylc520.crt

# sign the certificate using the above key and CSR

two。 Modify the code of nginx

Server {

Listen 80

Listen 443 ssl

# add a listening port for ssl

Server_name ylc520.f3322.net

# your domain name

Root / usr/share/nginx/html

Include / etc/nginx/default.d/*.conf;ssl_certificate / ssl/ylc520.crt;ssl_certificate_key / ssl/ylc520_nopass.key;ssl_session_timeout 5m null / etc/nginx/default.d/*.conf;ssl_certificate / ssl/ylc520.crt;ssl_certificate_key / ECDHEL 5m Sslash ciphers ECDHEMUR RSAMuir AES128Muir GCMMZ SHA256ECDHEV ECDH HIGH # Protocol optimization (optional, optimize https protocol, enhance security) if ($server_port = 80) {rewrite ^ (. *) $https://$host$1 permanent;} # url again, transfer to https access 3. Visit

After typing the domain name, it is automatically located to https access.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.