Shulou(Shulou.com)06/03 Report--

1. Issue SSL certificates that are not trusted by browsers:

The SSL certificate of HTTPS can be issued by itself. The steps for issuing the certificate under Linux are as follows:

Openssl genrsa-des3-out www.aaa.com.key 1024openssl req-new-key www.aaa.com.key-out www.aaa.com.csropenssl rsa-in www.aaa.com.key-out www.aaa.com_nopass.key

For the SSL certificate configuration of Nginx.conf, using www.aaa.com_nopass.key, you do not need to enter the SSL certificate password when starting Nginx, but you need to enter the password when using www.aaa.com.key:

Server {server_name sms.www.aaa.com; listen 443; index index.html index.htm index.php; root / data0/htdocs/www.aaa.com; ssl on; ssl_certificate www.aaa.com.crt; ssl_certificate_key www.aaa.com_nopass.key;.}

Although the self-issued SSL certificate can achieve encrypted transmission, it cannot be trusted by the browser. The following prompt appears:

There are questions in the certificate of an Quan certificate on this site.

The Anjin certificate issued by this network is issued by the site of the Daqi other network station.

The title of "an Jin Certificate" can show that the test picture failed to intercept the data you sent to the server.

It is recommended that you close this page and do not continue to view the site.

Click to close the screen.

Continue to browse the network station (not recommended).

More information

2. StartSSL free SSL certificate trusted by browsers:

StartSSL (http://www.startssl.com, company name: StartCom) is also a CA organization, and its root certificate has long been supported by browsers with open source backgrounds (Firefox, Google Chrome, Apple Safari, etc.).

In September, StartSSL took care of Microsoft: in the upgrade patch, Microsoft updated the list of vendors who passed the Windows root certificate certification program (Windows Root Certificate Program) and added StartCom to the certification list for the first time. This is the first time that Microsoft has added a vendor offering free digital verification technology to the root certificate list. Now, in Windows 7 or Windows Vista or Windows XP operating systems with upgrade patches installed, the system fully trusts digital certificates certified by free digital certification bodies such as StartCom, so that StartSSL is also supported by IE browsers.

After registering as a StartSSL (http://www.startssl.com) user and authenticating by email, you can apply for a free and trusted SSL certificate. The steps are complicated, so we will not introduce them in detail. The main steps of the application wizard are as follows:

Apply for a free SSL certificate from http://www.startssl.com.

Download the www.aaa.com.zip file, extract the file, find the for Nginx.zip to extract, and get 2 files

1_www.aaa.com_bundle.crt, 2_www.aaa.com.key

Change the name www.aaa.com.crt,www.aaa.com.key and send it to the server for backup.

Nginx configure SSL certificate deployment https support

Find the corresponding server

Increase

Listen 443 ssl;ssl on;ssl_certificate / usr/local/nginx/conf/ssl/www.aaa.com.crt;ssl_certificate_key / usr/local/nginx/conf/ssl/www.aaa.com.key;ssl_session_timeout 5m ssloppy "TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers all" exp "exp" Ssl_prefer_server_ciphers on

Reload the nginx configuration

# / etc/init.d/nginx reload

Https:// www.aaa.com trusted by the browser is already available ~

Convert pfx to crt,key required by nginx

If you already have a certificate with the extension pfx, you need to convert to use the

# openssl pkcs12-in www.aaa.com.pfx-nocerts-nodes-out www.aaa.com.keyEnter Import Password: enter the certificate password MAC verified OK # openssl pkcs12-in www.aaa.com.pfx-clcerts-nokeys-out www.aaa.com.crtEnter Import Password: enter the certificate password MAC verified OK

Generate 2 files www.aaa.com.key and copy www.aaa.com.pfx to the directory you specified

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.