Shulou(Shulou.com)05/31 Report--

This article mainly explains "the operation steps of configuring https certificate by nginx under Centos". The explanation content in this article is simple and clear, easy to learn and understand. Please follow the ideas of Xiaobian to study and learn "the operation steps of configuring https certificate by nginx under Centos" together.

1, first configure nginx and other plug-ins, under this Google, a lot of configuration schemes.

2. Configure the server certificate. The procedure is as follows:

[root@localhost ~]# cd /etc/pki/tls/certs

[root@localhost certs]# make server.key

umask 77 ;

/usr/bin/openssl genrsa -aes128 2048 > server.key

Generating RSA private key, 2048 bit long modulus

......................................................++++++

.............++++++

e is 61251 (0x10001)

Enter pass phrase:# set passphrase

Verifying - Enter pass phrase:# confirm

# remove passphrase from private key

[root@localhost certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:# input passphrase

writing RSA key

[root@localhost certs]#

[root@localhost certs]# make server.csr

umask 77 ;

/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '. ', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN #country

State or Province Name (full name) [e]:Beijing #state

Locality Name (eg, city) [Default City]:Beijing #city

Organization Name (eg, company) [Default Company Ltd]:Test #company

Organizational Unit Name (eg, section) []:Test Haha #department

Common Name (eg, your server's hostname) []:www.test.com #server's FQDN

Email Address []:admin@test.com # email address

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:# Enter

An optional company name []:# Enter

[root@localhost certs]#

[root@localhost certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok

subject=/C=CN/ST=Beijing/L=Beijing/O=Test/OU=Test Haha/CN=www.test.com,/emailAddress=admin@test.com

Getting Private key

[root@localhost certs]# chmod 400 server.*

3. Configure nginx conf file

#server {

# listen 80;

# server_name happy.cc.com;

# rewrite ^(.*)$ permanent;

# }

server {

listen 80;

listen 443 ssl;

server_name happy.cc.com;

location / {

root /data/www/cloud;

index index.html;

}

ssl on;

ssl_certificate /data/webserver/nginx/conf/server.crt;

ssl_certificate_key /data/webserver/nginx/conf/server.key;

ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;

ssl_ciphers ALL:! ADH:! EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

#autoindex on;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location ~ .php$ {

root /data/www/cloud;

fastcgi_pass unix:/tmp/php-cgi.sock;

#fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME /data/www/cloud$fastcgi_script_name;

include fastcgi_params;

}

location ~ .*. (gif|jpg|jpeg|png|bmp|swf)$

{

expires 30d;

}

location ~ .*. (js|css)?$

{

expires 1h;

}

access_log /data/log/nginx/happy.access.log access;

error_log /data/log/nginx/happy.error.log warn;

}

Open port 443 of iptables

Thank you for reading, the above is the content of "Operation steps of configuring https certificate in nginx under Centos". After studying this article, I believe that everyone has a deeper understanding of the operation steps of configuring https certificate in nginx under Centos. The specific use situation also needs to be verified by practice. Here is, Xiaobian will push more articles related to knowledge points for everyone, welcome to pay attention!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.