Nginx uses HTTPS (prepare certificate and private key)

Generate a self-signed certificate with openssl and configure HTTPS in Nginx (prepare certificate and private key)

Prepare certificate and private key

  1. Generate private key
openssl genrsa -des3 -out server.key 2048

This generates an encrypted private key file server.key.

When running the openssl genrsa command, the -des3 parameter requires you to set a password, which is used to encrypt the generated private key. For security, the password should be sufficiently complex and long. A password-protected private key generated with -des3 is more secure than an unprotected one.
In the subsequent certificate generation steps, you need to enter the same password to use this password-protected private key.

  2. Generate a Certificate Signing Request (CSR)
openssl req -new -key server.key -out server.csr

Enter the domain name, company information, etc. as prompted to generate a CSR file.

  3. Generate self-signed certificate
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

Here, the validity period is set to 3650 days, which is approximately equal to 10 years.

  4. Change the private key to unencrypted
openssl rsa -in server.key -out server.key

In this way, the server.crt certificate file and the server.key private key file can be obtained.

Using the -des3 parameter when generating the private key sets password protection on the key, which reduces the risk of the private key being stolen.
However, using a password-protected private key directly in Nginx is more troublesome: you need to enter the decryption password every time Nginx starts.
So the purpose of step 4, "Change the private key to unencrypted", is to remove the password protection and turn the key into an ordinary unencrypted private key.

Benefits:

  1. It saves the trouble of entering the private key's decryption password every time you start Nginx.

  2. It simplifies the Nginx configuration and startup process.

  3. It avoids Nginx failing to start because the wrong password was entered.

  4. The private key loaded in memory is no longer encrypted and can be used in plain text, which improves efficiency somewhat.

  5. Configure and use in Nginx

server {
  listen 443 ssl;
  server_name www.example.com;

  ssl_certificate /path/to/server.crt;
  ssl_certificate_key /path/to/server.key;
}

Configure the certificate and private key file paths into the Nginx configuration, and you can use HTTPS.
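
Steps 1 to 4 above as a non-interactive script, followed by the checks worth running on server.crt and server.key before Nginx loads them. This is an added example, not part of the original post; the function names, the KEY_PASS environment variable and the server.key.tmp file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. make_selfsigned, check_pair, KEY_PASS and server.key.tmp
# are illustrative names, not part of the original post.

# Steps 1-4 without prompts. The passphrase is read from the KEY_PASS
# environment variable so it does not appear in the process list.
make_selfsigned() (   # $1 = output directory, $2 = certificate CN
    dir=$1; cn=$2
    [ -n "${KEY_PASS:-}" ] || exit 1
    umask 077                       # key files are created owner-only
    openssl genrsa -des3 -passout env:KEY_PASS -out "$dir/server.key" 2048 &&
    openssl req -new -key "$dir/server.key" -passin env:KEY_PASS \
        -subj "/CN=$cn" -out "$dir/server.csr" &&
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -passin env:KEY_PASS -out "$dir/server.crt" &&
    # Step 4, written to a temporary file first so a failed decryption
    # cannot truncate the only copy of the key.
    openssl rsa -in "$dir/server.key" -passin env:KEY_PASS \
        -out "$dir/server.key.tmp" &&
    mv "$dir/server.key.tmp" "$dir/server.key" &&
    chmod 600 "$dir/server.key"
)

# Checks before reloading Nginx. Returns 0 if usable, 2 if the key is still
# password-protected, 3 if the key is readable by group/others, 4 if the
# certificate and key do not belong together, 1 on a read error.
check_pair() {        # $1 = certificate, $2 = private key
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$2"; then
        return 2
    fi
    mode=$(ls -ld "$2" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || [ "$mode" = "-r--------" ] || return 3
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 4
}

# Usage: KEY_PASS=... sh thisfile.sh OUTDIR CN
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" && check_pair "$1/server.crt" "$1/server.key"
fi
```

Once check_pair succeeds, nginx -t validates the configuration that references the two files.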

Origin blog.csdn.net/inthat/article/details/132316021