A, generating a one-way certificate authentication https
Establish the server private key, RSA key generation.
You will be asked to enter the password twice,
Then get a server.key file.
After using this file (openssl command provided by or API) may return often requires a password, enter a password. To remove the can use the following command:
Creating a server certificate application documents server.csr
Country Name fill CN, Common Name fill in the host name can not fill, if not fill the browser considered unsafe, the other can not fill
Enter the password
For ssl encryption keys for the above
Using the above keys and sign the formal CSR
created from the current ten-year period from the date of the server certificate server.crt:
Such certificate is built.
~ Is meant home directory.
-
If you log in as superuser root account: ~ is / root directory
-
If you log in as a normal user name: ~ is / home / name directory
Move to the home directory
Open your nginx configuration files, search found 443 https configuration, uncomment this code, make changes according to their own path:
The ssl on; this line removed, ssl written after 443 port. This link http and https can be used in
The ssl_certificate changed server.crt path, the path to server.key of ssl_certificate_key changed.
nginx -s reload reload configuration , nginx is ready to use https, the default 443 port.
If the error message appears:
nginx: [emerg] BIO_new_file("/user/local/nginx/temp/server.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/user/local/nginx/temp/server.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)
The server.crt and server.key files in nginx / conf folder. (And nginx.conf files in the same folder)
ssl_certificate server.crt;
ssl_certificate_key server.key;