Configure HTTPS certificate for nginx under Windows

Configure HTTPS certificate for nginx under Windows

1. openssl installation tutorial:

Official website download: openSSL: http://slproweb.com/products/Win32OpenSSL.html

1. Double-click Win64OpenSSL_Light-3_1_0.exe

2. Install openssl

3. Select the installation path: install it in the root directory of nginx.

4. Next, the default is enough, and click Next all the time. until finish.

Second, configure the OpenSSL environment variable:

1) Add OpenSSL in the system variable , and the address is the installation path.

Right-click This Computer--"Click Properties--"Click Advanced System Settings--"Click Environment Variables--"Find System Variables and click New.

Fill in the variable name and variable value. (The variable value is the bin directory of OpenSSL)

2) Add %OpenSSL% to the system variable PATH

Find Path --"Click Edit--"Click New--"Fill in %OpenSSL%-"Click OK all the time.

3. Use the OpenSSL command to generate an https certificate:

• Create an ssl folder under the nginx folder to store certificates.
• Open the system window under the created ssl folder.
• Create a private key and set your own password, which will be used later.

创建私钥: openssl genrsa -des3 -out 666tp.key 1024
这里需要输入密码：123456

创建csr证书：openssl req -new -key 666tp.key -out 666tp.csr
输入密码：123456
接下来一直回车即可，全部默认。

复制文件： copy 666tp.key 666tp.key.copy

去除密码： openssl rsa -in 666tp.key.copy -out 666tp.key
输入密码：123456

生成 crt 证书： openssl x509 -req -days 365 -in 666tp.csr -signkey 666tp.key -out 666tp.crt

Fourth, modify the nginx.conf configuration file:

The certificate is generated and the nginx configuration file is configured.

• Open \conf\nginx.conf under the nginx folder

server {
    
    
       listen       443 ssl;
       server_name  localhost;

       ssl_certificate      D:/nginx/nginx-1.22.1/ssl/666tp.crt;
       ssl_certificate_key  D:/nginx/nginx-1.22.1/ssl/666tp.key;
       ssl_session_cache    shared:SSL:1m;
       ssl_session_timeout  5m;
       ssl_ciphers  HIGH:!aNULL:!MD5;
       ssl_prefer_server_ciphers  on;

       location / {
    
    
           root   html;
           index  index.html index.htm;
       }
    }

• After configuration, restart nginx:

  nginx.exe -s reload
  

• Check the startup status of nginx . After the startup is successful, use https to access (the above is a self-signed certificate, which can be used as a test, but it may prompt that it is not safe, you need to purchase or apply for a certificate yourself)