Configure SSL certificate for virtual host
Open the virtual host configuration file vhost.conf or *.conf, copy and paste the following content to the location below, change the port to 443 (https default port) and add certificate related configuration.
server {
listen 80;
server_name localhost ;
location / {
index index.html index.htm;
}
server {
listen 443 ssl;
server_name localhost;
root html;
index index.html index.htm;
ssl_certificate cert/domain name.pem; #Replace domain name.pem with the file name of your certificate.
ssl_certificate_key cert/domain name.key; #Replace domain name.key with the key file name of your certificate.
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256: ECDHE: ECDH: AES: HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
index index.html index.htm;
}
Save the nginx.conf file and exit.
Restart the Nginx server.
Follow-up operation
After the certificate is installed, you can verify whether the certificate is successfully installed by logging in to the certificate and binding the domain name.
https://domain name #domain name is replaced with the domain name bound to the certificate.
If a small lock icon appears in the address bar of the webpage, it means that the certificate is installed successfully.
After the DV SSL digital certificate is deployed on the server, when the user's browser visits the website, the display is as follows: DV SSL certificate installation verification
After the OV SSL digital certificate is deployed on the server, when the user's browser accesses the website, the following is displayed: OV SSL certificate installation verification
After the EV SSL digital certificate is deployed on the server, when the user's browser accesses the website, the display is as follows: EV SSL certificate installation verification
After the certificate installation is complete, if the website cannot be accessed normally via https, you need to confirm whether port 443 of the server where you installed the certificate is open or blocked by other tools. If you are using an Alibaba Cloud ECS server, please go to the security group page of the ECS console to configure port 443.