Self written certificate is often used in learning or testing environment. If the project is running commercially, the certificate issued by an authoritative third-party CA organization should be purchased.
/etc/httpd/ca, execute the command
#Generation of asymmetric encryption RSA algorithm2048Bit private key-out server.key 2048
Generate CSR certificate signature request file
#Specify the private key server.Key to generate a new server.CSR file-new -key server.key -out server.csr
Fill in the registration information, and fill in your domain name or IP address in this column.
Common Name (eg, your name or your server's hostname) :lamp.test.com
Copy the newly generated private key and certificate to the SSL configuration directory.
cp server.key /etc/pki/tls/private/ cp server.crt /etc/pki/tls/certs/
The validity period of the certificate has changed from 1 year to 10 years.
First check whether nginx is installed
http_ssl_moduleModule, if not on the source code to reload nginx, using parameters
/etc/sslDirectory, execute command
#Using DES3 algorithm to generate4096Bit server private key-des3 -out server.key 4096#Generate certificate signature request file-new -key server.key -out server.csr4096Bit CA private key-des3 -out ca.key 4096#Remove the server's private key to avoid the need to enter a password every time the file is loaded in the future-in server.key -out server.key10Year CRT, pay attention to fill in the domain name orIPaddress-new -x509 -key ca.key -out ca.crt -days 3650#The request is valid for3650The incoming file is server.CSR specificationCAThe file is ca.CRT specifies the private key file as ca.Key and create it automaticallyCASequence file output certificate file server.CRT signature successful-req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Modify nginx configuration file
listen 80;#Monitoring443port443 ssl; server_name lnmp.test.com;#Configure server certificate/etc/ssl/server.crt;#Configure server private key/etc/ssl/server.key;
nginx -t nginx -s reload
Successfully implemented nginx simple deployment of HTTPS.
This work adoptsCC agreementReprint must indicate the author and the link of this article