Simple implementation of HTTPS (2) self signed certificate

Time:2021-2-20

Self written certificate is often used in learning or testing environment. If the project is running commercially, the certificate issued by an authoritative third-party CA organization should be purchased.

Deploying HTTPS in Apache

Create directory/etc/httpd/ca, execute the command

#Generation of asymmetric encryption RSA algorithm2048Bit private key-out server.key 2048

Generate CSR certificate signature request file

#Specify the private key server.Key to generate a new server.CSR file-new -key server.key -out server.csr

Fill in the registration information, and fill in your domain name or IP address in this column.

Common Name (eg, your name or your server's hostname) []:lamp.test.com

Copy the newly generated private key and certificate to the SSL configuration directory.

cp server.key /etc/pki/tls/private/
cp server.crt /etc/pki/tls/certs/

changessl.confconfiguration file

Simple implementation of HTTPS (2) self signed certificate

visithttps://lamp.test.com

Simple implementation of HTTPS (2) self signed certificate

The validity period of the certificate has changed from 1 year to 10 years.

Deploying HTTPS in nginx

First check whether nginx is installedhttp_ssl_moduleModule, if not on the source code to reload nginx, using parameters--with-http_ssl_module

nginx -V

Simple implementation of HTTPS (2) self signed certificate

get into/etc/sslDirectory, execute command

#Using DES3 algorithm to generate4096Bit server private key-des3 -out server.key 4096#Generate certificate signature request file-new -key server.key -out server.csr4096Bit CA private key-des3 -out ca.key 4096#Remove the server's private key to avoid the need to enter a password every time the file is loaded in the future-in server.key -out server.key10Year CRT, pay attention to fill in the domain name orIPaddress-new -x509 -key ca.key -out ca.crt -days 3650#The request is valid for3650The incoming file is server.CSR specificationCAThe file is ca.CRT specifies the private key file as ca.Key and create it automaticallyCASequence file output certificate file server.CRT signature successful-req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

Modify nginx configuration file

listen 80;#Monitoring443port443 ssl;
server_name lnmp.test.com;#Configure server certificate/etc/ssl/server.crt;#Configure server private key/etc/ssl/server.key;

Restart nginx

nginx -t
nginx -s reload

visit lnmp.test.com

Simple implementation of HTTPS (2) self signed certificate

Simple implementation of HTTPS (2) self signed certificate

Successfully implemented nginx simple deployment of HTTPS.

This work adoptsCC agreementReprint must indicate the author and the link of this article