reprint
Use nginx to build an https server
-----------------------
Use nginx to build an https server
Recently I was researching nginx, and I came across a requirement that I hope that the content transmitted between the server and the client is encrypted to prevent information leakage from intermediate monitoring, but it is not cost-effective to apply for a certificate from the certificate service provider, because all access to the server is Insiders, so issue yourself a certificate and ignore the browser's distrust alert. Below is the process of issuing a certificate and configuration.
First make sure openssl and openssl-devel are installed on the machine
#yum install openssl #yum install openssl-devel
and then issue the certificate to yourself
#cd /usr/local/nginx/conf #openssl genrsa -des3 -out server.key 1024 #openssl req -new -key server.key -out server.csr #openssl rsa -in server.key -out server_nopwd.key #openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
So far the certificate has been generated, the following is to configure nginx
server { listen 443; ssl on; ssl_certificate /usr/local/nginx/conf/server.crt; ssl_certificate_key /usr/local/nginx/conf/server_nopwd.key; }
Then restart nginx.
ps: If "[emerg] 10464#0: unknown directive "ssl" in /usr/local/nginx-0.6.32/conf/nginx.conf:74" appears, it means that the ssl module has not been compiled into nginx. When adding "--with-http_ssl_module", you can ^^
So far, the https server construction has been completed, but how to make the browser trust the certificate issued by itself?
Today, I finally researched and fiddled with it. Just import the previously generated server.crt file into the system's certificate manager. The specific method is as follows:
Control Panel -> Internet Options -> Content -> Publishers -> Trusted Root Certification Authorities -> Import -> select server.crt