In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-31 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
What kind of certificate do we need
I have written a brief book of "tomcat https configuration method (free certificate)" (if you want to see it, you can go to my home page, there is still a lot of related knowledge between these two articles), it has mentioned the classification of commonly used certificates, in which nginx uses a certificate in PEM format, we need two files, one is a .key file, and the other is a .crt file.
How to get a free certificate
Here are two methods:
First: if you are a windows user and have a certificate in .KeyStore format
Then you can use the JKS2PFX conversion tool to convert your keystore certificate to a PEM certificate by cd to the tool directory, and then run the command:
$JKS2PFX
Second: if you are a Linux or OSX system
Generate the secret key key and run:
$openssl genrsa-des3-out server.key 2048
You will be asked for a password twice, and you can enter the same one.
Enter password
Then you get a server.key file.
Later, using this file (through the command provided by openssl or API) may often ask for a password, and if you want to remove the steps to enter a password, you can use the following command:
$openssl rsa-in server.key-out server.key
Create the application file server.csr for the server certificate, and run:
Openssl req-new-key server.key-out server.csr
Which Country Name fill in CN,Common Name host name can not be filled in, if not filled in the browser will think it is not safe. (for example, your future url will be https://abcd/xxxx. . You can fill in abcd) here, and you can leave everything else unfilled.
Create a CA certificate:
Openssl req-new-x509-key server.key-out ca.crt-days 3650
At this point, you can get a ca.crt certificate, which is used to sign your own certificate.
Create a server certificate server.crt valid for ten years from the current date:
The copy code is as follows:
Openssl x509-req-days 3650-in server.csr-CA ca.crt-CAkey server.key-CAcreateserial-out server.crt
Ls your folder and you can see that a total of 5 files have been generated:
Ca.crt ca.srl server.crt server.csr server.key
Among them, server.crt and server.key are the certificate files that your nginx needs.
How to configure nginx
Open your nginx configuration file, search 443 to find the https configuration, and uncomment this code. Or directly copy my following configuration:
Server {listen 443; server_name localhost; ssl on; ssl_certificate / root/Lee/keys/server.crt;# configuration Certificate location ssl_certificate_key / root/Lee/keys/server.key;# configuration key location # ssl_client_certificate ca.crt;# two-way Authentication # ssl_verify_client on; # two-way Authentication ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1 Ssl_ciphers all, exp. RT56, RC4, RSAV, HIGH, Medi, LOW, ssl_prefer_server_ciphers on, SSLv2.
Change ssl_certificate to the path of server.crt and ssl_certificate_key to the path of server.key.
Nginx-s reload overload configuration
At this point, nginx https can be used, the default port 443.
The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.