Generating cert.key and cert.pem with openssl

SSL (Secure Sockets Layer), developed by Netscape, is used to secure data transmission on the Internet. Data encryption ensures that data cannot be intercepted or eavesdropped on while it crosses the network. The general standard is a 40-bit security standard, while the United States has introduced a higher 128-bit security standard, but its export is restricted. Any IE or Netscape browser at version 3.0 or higher supports SSL.

The SSL protocol sits between the TCP/IP protocol and the various application layer protocols and provides security support for data communication. It can be divided into two layers. The SSL Record Protocol is built on a reliable transport protocol (such as TCP) and provides basic functions such as data encapsulation, compression, and encryption to higher-level protocols. The SSL Handshake Protocol is built on top of the SSL Record Protocol and is used to authenticate the communicating parties, negotiate encryption algorithms, and exchange encryption keys before the actual data transmission starts.

Generally speaking, it is not safe to transfer data without the SSL protocol. If you simply transfer files, or a visitor sends an account name and password to the server, everything travels in plain text. Anyone who captures the packets at that point can see the content. The SSL protocol encrypts the data, so even if the packets are captured the content is not visible, which greatly improves security, especially for websites that involve money transactions.

Generate private key and certificate

Follow the steps below; when you finish you will have cert.key and cert.pem.

[root@proxy ~]# cd /usr/local/nginx/conf                                # change into the directory where the certificate and key are generated
[root@proxy conf]# openssl genrsa > cert.key                            # generate the private key; the file name must match the one in the configuration file
[root@proxy conf]# openssl req -new -x509 -key cert.key > cert.pem      # generate the certificate; you will be prompted for information
Country Name (2 letter code) [XX]:CN                          # country (two-letter code)
State or Province Name (full name) []:hunan                   # province
Locality Name (eg, city) [Default City]:changsha              # city
Organization Name (eg, company) [Default Company Ltd]:xxx     # company name
Organizational Unit Name (eg, section) []:xxx                 # unit name
Common Name (eg, your name or your server's hostname) []:主机名            # host name; check it with the hostname command
Email Address []:[email protected]                                    # email
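
The same two steps run without prompts, followed by checks that cert.key is readable only by its owner, that cert.pem carries the public key of cert.key, and that the validity period is what was requested. This is an added example, not part of the original post; the host name proxy.example.test, the explicit 2048-bit key size, -sha256 and the -days values are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): non-interactive generation
# plus post-generation checks. Host name and validity values are constructed.

# make_cert DIR HOST [DAYS]: write DIR/cert.key and DIR/cert.pem
make_cert() (
    dir=$1 host=$2 days=${3:-365}
    rm -f "$dir/cert.key"
    # Restrictive umask so the private key is created owner-only.
    ( umask 077 && openssl genrsa -out "$dir/cert.key" 2048 2>/dev/null ) || exit 1
    # -subj supplies the answers to the prompts shown above; C must be 2 letters.
    openssl req -new -x509 -sha256 -days "$days" -key "$dir/cert.key" \
        -subj "/C=CN/ST=hunan/L=changsha/O=xxx/OU=xxx/CN=$host" \
        -out "$dir/cert.pem"
)

# key_matches_cert KEY CERT: 0 if CERT carries the public half of KEY
key_matches_cert() (
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
    [ "$from_key" = "$from_cert" ]
)

# key_is_private KEY: 0 if group and others have no access to the key file
key_is_private() {
    case $(ls -l "$1") in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# valid_for_days CERT N: 0 if CERT is still valid N days from now
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a scratch directory, so nothing under the nginx conf dir is touched.
demo=$(mktemp -d)
make_cert "$demo" proxy.example.test 30 &&
    key_matches_cert "$demo/cert.key" "$demo/cert.pem" &&
    key_is_private "$demo/cert.key" &&
    valid_for_days "$demo/cert.pem" 7 &&
    echo "cert.key and cert.pem in $demo are consistent"
rm -rf "$demo"
```

A mismatch reported by key_matches_cert means cert.pem was issued for a different key than the cert.key sitting next to it, for example after the key was regenerated without regenerating the certificate.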

 

 

Origin blog.csdn.net/whatday/article/details/113750941