Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to configure Nginx SSL certificate deployment HTTPS website, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand.

Issue your own SSL certificates that are not trusted by browsers

Issue manually

Xshell logs in to the server and uses openssl to generate RSA keys and certificates

# generate a RSA key $openssl genrsa-des3-out tfjybj.key 102 copy a key file $openssl rsa-in dmsdbj.key-out tfjybj_nopass.key# that does not require a password to generate a certificate request $openssl req-new-key tfjybj.key-out tfjybj.csr

You will be prompted to enter province, city, domain name and other information. Email must be a domain name suffix. This generates a csr file that is the same csr file when submitted to the ssl provider.

(since I don't have a screenshot here, I found a picture from the Internet. What I need to replace is the following 33iq and replace it with tfjybj.)

When you enter the password in the middle, there is nothing to show, but just type it.

# issue your own certificate $openssl x509-req-days 365-in tfjybj.csr-signkey tfjybj.key-out tfjybj.crt

Put the generated certificate in the same level directory of the nginx configuration file

Nginx configuration

Edit nginx configuration file nginx.conf, add https protocol

Server {server_name tfjybj.com; listen 443; ssl on; ssl_certificate / usr/local/nginx/conf/tfjybj.crt; ssl_certificate_key / usr/local/nginx/conf/tfjybj_nopass.key; # if ssl_certificate_key uses tfjybj.key, the password of key is required each time you start the Nginx server. (I don't know at first. I wonder why I have to enter a password to start nginx and turn off nginx.)}

Restart Nginx

The SSL certificate issued by yourself can achieve the function of encrypted transmission, but the browser does not trust it and will give a prompt:

Issue a certificate through a third party-Aliyun

Issue a certificate

Log in to the Ali Cloud Management console, select "Certificate Service" from the "Cloud Shield" menu, and select "purchase Certificate".

I got the free version of the test, after the application, after a day or two of review, and then you can download the certificate. After downloading and decompressing, there are two files, one is the end of key, the private key, and the other is the end of pem, which is the public key.

Configure nginx

Document description:

The certificate file "the name of the requested certificate. Pem" contains two paragraphs. Please do not delete any of them.

If it is the CSR created by the certificate system, it also contains the certificate private key file "the name of the requested certificate. Key".

(1) create the cert directory under the installation directory of Nginx and copy all the downloaded files to the cert directory. If you created the CSR file when you applied for the certificate, put the corresponding private key file in the cert directory and name it "name of the requested certificate .key"

(2) Open the nginx.conf file in the conf directory under the Nginx installation directory and find:

# HTTPS server# # server {# listen 443 listen # server_name localhost;# ssl on;# ssl_certificate cert.pem;# ssl_certificate_key cert.key;# ssl_session_timeout 5m exp # ssl_prefer_server_ciphers on;# location / {# #} #}

(3) modify it to (the attributes that begin with ssl in the following attributes are directly related to the certificate configuration. Copy or adjust other attributes according to your actual situation):

Server {listen 443; name of certificate requested by server_name localhost; ssl on; root html; index index.html index.htm; ssl_certificate cert/ .pem; name of certificate applied for by ssl_certificate_key cert/ .key; ssl_session_timeout 5m; ssl_ciphers ECDHEMurRES128Mustang Aesamoto GCMMUR SHA256 Vista ECDHEveECDHvisaHIGHpurveANULLMORC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / {root html Index index.html index.htm;}}

Save exit.

(4) restart Nginx.

(5) visit your site through https

Thank you for reading this article carefully. I hope the article "how to configure SSL certificates to deploy HTTPS website" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and follow the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.