Use openssl to create a self-signed https certificate and configure it in nginx


Tip: OpenSSL must be installed first. CentOS now installs it by default.

1. Use openssl to generate the server's RSA private key (you will be asked to enter a passphrase; remember it)

First create a directory, for example an ssl directory, and run the following command in it. 2048 is the length of the private key in bits. If it is set to 1024, openssl reports that the key is too short; the recommended minimum length is 2048 bits.

openssl genrsa -des3 -out server.key 2048

2. Generate a certificate request

openssl req -new -key server.key -out server.csr

The passphrase entered in the previous step is required here.
You are then prompted for the country, region, organization, and email, in that order. The most important field is the Common Name, which can be your name or your domain name.

3. Use the following command to remove the passphrase from the private key; otherwise you will be asked for the PEM pass phrase every time you reload the nginx configuration.

openssl rsa -in server.key -out server.key

4. The following command generates a self-signed certificate

openssl x509 -req -days 3650 -sha256 -in server.csr -signkey server.key -out server.crt

5. Copy server.crt and server.key to the ssl folder in the conf directory of Nginx

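Tip: the files can also be placed in a different folder, but then the full path must be written out. When they are under conf, a relative path can be used, as the configuration below shows.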

6. Add the certificate and the related settings to nginx.conf.

The relevant part is the server block; the rest of the file can be configured as usual.

	server {
	    listen       443 ssl;
	    server_name  localhost;
	    charset utf-8;
	   
	    # SSL certificate
	    ssl_certificate   ssl/server.crt;       
	    ssl_certificate_key  ssl/server.key;

	    location / {
		root   html;
		try_files $uri $uri/ /index.html;
		index  index.html index.htm;
	    }
		    
	    error_page   500 502 503 504  /50x.html;
	    location = /50x.html {
	       root   html;
	    }
	}
	server {
	    listen 80;
	    server_name localhost;
	    # Redirect requests to https
	    rewrite ^(.*)$ https://$host$1 permanent;
	}

7. The result: even though the site is served over https, the browser still shows it as not secure, because the certificate is self-signed.
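
As an added example (not from the original post), the following script checks the files from steps 1 to 5 before nginx is reloaded: that the key no longer carries a passphrase, that it is not readable by group or others now that it is stored unencrypted, and that the certificate matches the key. The function names are hypothetical, and the certificate and key paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh preflight.sh ssl/server.crt ssl/server.key

# Print "encrypted" or "plain" from the key's PEM headers. The traditional
# format marks a passphrase with "Proc-Type: 4,ENCRYPTED"; PKCS#8 uses the
# "BEGIN ENCRYPTED PRIVATE KEY" armor line.
key_state() {
    if grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted
    else
        echo plain
    fi
}

# Succeed only if group and others have no permission bits on the key file.
key_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate carries the public key of the private key.
# Needs the openssl CLI and a passphrase-free key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Run the checks on CERT ($1) and KEY ($2); return non-zero on any problem.
preflight() {
    rc=0
    if [ "$(key_state "$2")" = encrypted ]; then
        echo "key still has a passphrase: nginx will ask for it" >&2
        return 1
    fi
    key_perms_ok "$2" || { echo "key readable by group/others: chmod 600 $2" >&2; rc=1; }
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match" >&2; rc=1; }
    return $rc
}

# Only run when called with both paths, so the file can also be sourced.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```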


Origin blog.csdn.net/bacawa/article/details/129187620