Scenario: securing data in transit
Drawback: a man-in-the-middle who impersonates both the client and the server at the same time cannot be prevented
Addressing this drawback requires a CA-signed certificate
http://www.ruanyifeng.com/blog/2011/08/what_is_a_digital_signature.html
https://blog.csdn.net/wangtaomtk/article/details/80917081
1 Generate the key and the CA-signed certificate with openssl
Confirm the environment before generating the key:
[root@izwz97j0sus9exlvpgweqpz ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
1: Generate Key
openssl genrsa -idea -out guo.key 1024
2: Generate the Certificate Signing Request file (csr file)
openssl req -new -key guo.key -out guo.csr
3: Generate the signed certificate (CA file)
The two files guo.csr and guo.key would be handed to a signing authority, but here we act as our own CA:
openssl x509 -req -days 3650 -in guo.csr -signkey guo.key -out guo.crt
-days 3650 sets the validity period; if it is not given, the default is one month.
The CA-signed certificate is now complete.
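A pre-flight check for the files produced by the three steps above, before nginx is pointed at them. This is an added example, not part of the original notes; it assumes the openssl CLI is installed, and the pair it generates (unencrypted 2048-bit key, placeholder subject CN=example.test) is constructed sample data.

```shell
#!/bin/sh
# Added example: pre-flight checks on a key/certificate pair before nginx loads it.
# Assumes the openssl CLI is installed; the pair below is constructed sample data.

# Succeeds only if the certificate carries the public key of this private key.
pair_matches() {   # $1 = private key, $2 = certificate
    k=$(openssl pkey -in "$1" -pubout) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if issuer == subject, i.e. no third-party CA vouches for the name.
is_self_signed() {   # $1 = certificate
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^[a-z]*= *//')
    i=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^[a-z]*= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Prints the public key size in bits.
key_bits() {   # $1 = certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample: same three steps as the page, non-interactive, no passphrase,
# 2048-bit key, placeholder subject CN=example.test.
make_sample_pair() {   # $1 = output directory
    openssl genrsa -out "$1/guo.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/guo.key" -subj "/CN=example.test" -out "$1/guo.csr" &&
    openssl x509 -req -days 3650 -in "$1/guo.csr" -signkey "$1/guo.key" \
        -out "$1/guo.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_pair "$dir"
pair_matches "$dir/guo.key" "$dir/guo.crt" && echo "key matches certificate"
is_self_signed "$dir/guo.crt" && echo "self-signed: clients cannot authenticate the server"
echo "key size: $(key_bits "$dir/guo.crt") bits"
valid_for_days "$dir/guo.crt" 30 && echo "valid for at least 30 more days"
```

Run against the real guo.key and guo.crt, key_bits reports 1024, which is below the 2048-bit minimum that current guidance expects for RSA. A key written with -idea is passphrase-protected, so openssl asks for the passphrase when pair_matches reads it.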
2 Core configuration syntax
Enable SSL
Syntax: ssl on | off
Default: ssl off
Context: http, server
Certificate file
Syntax: ssl_certificate file
Default: ---
Context: http, server
Certificate private key file
Syntax: ssl_certificate_key file
Default: ---
Context: http, server
server {
    listen 443;
    server_name 120.79.210.194;
    ssl on;
    ssl_certificate /etc/nginx/ssl_key/guo.crt;
    ssl_certificate_key /etc/nginx/ssl_key/guo.key;
    #ssl_certificate_key /etc/nginx/ssl_key/jesonc_nopass.key;
    index index.html index.htm;
    location / {
        root /opt/app/code;
    }
}