How to configure Nginx SSL certificate to deploy HTTPS website

王林
Release: 2023-05-12 12:31:12
forward
1225 people have browsed it

Self-issued ssl certificate that is not trusted by the browser

Manually issued

xshell logs in to the server and uses openssl to generate rsa Key and certificate

# 生成一个rsa密钥 
$ openssl genrsa -des3 -out tfjybj.key 1024

# 拷贝一个不需要输入密码的密钥文件
$ openssl rsa -in dmsdbj.key -out tfjybj_nopass.key

# 生成一个证书请求
$ openssl req -new -key tfjybj.key -out tfjybj.csr
Copy after login

Here you will be prompted to enter information such as province, city, domain name, etc. The email must be the domain name suffix. This generates a csr file, which is the csr file when submitted to the ssl provider.

(Since I don’t have a screenshot here, I found a picture from the Internet. What needs to be replaced is the 33iq below, which is replaced by tfjybj)

When entering the password in the middle , nothing is displayed, but just enter it

How to configure Nginx SSL certificate to deploy HTTPS website

# 自己签发证书
$ openssl x509 -req -days 365 -in tfjybj.csr -signkey tfjybj.key -out tfjybj.crt
Copy after login

Put the generated certificate in the same directory as the nginx configuration file;

nginx configuration

Edit the nginx configuration file nginx.conf and add https protocol

server {
  server_name tfjybj.com;
  listen 443;
  ssl on;
  ssl_certificate /usr/local/nginx/conf/tfjybj.crt;
  ssl_certificate_key /usr/local/nginx/conf/tfjybj_nopass.key;
  # 若ssl_certificate_key使用tfjybj.key,则每次启动nginx服务器都要求输入key的密码。
  (开始我不知道,纳闷为啥启动nginx、关闭nginx都要输入密码)
}
Copy after login

Restart nginx

Issue it yourself The SSL certificate can realize the encrypted transmission function, but the browser does not trust it and will give a prompt:

How to configure Nginx SSL certificate to deploy HTTPS website

Certificate issued through a third party – Alibaba Cloud

Issue Certificate

Log in to the Alibaba Cloud Management Console, select [Certificate Service] from the [Cloud Shield] menu, and choose to purchase a certificate;

I got the free version for testing. After applying, after a day or two of review, I can download the certificate. After downloading and decompressing, there are two files, one ending with key, the private key, and the other ending with pem, the public key;

Configuring nginx

File description:

The certificate file "Application Certificate Name.pem" contains two paragraphs of content. Please do not delete either paragraph.

If it is a csr created by the certificate system, it also includes: certificate private key file "applied certificate name.key".

(1) Create the cert directory in the nginx installation directory, and copy all the downloaded files to the cert directory. If you create a csr file yourself when applying for a certificate, please put the corresponding private key file in the cert directory and name it "applied certificate name.key";

(2) Open conf in the nginx installation directory nginx.conf file in the directory, find:

# https server
# #server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols sslv2 sslv3 tlsv1;
# ssl_ciphers all:!adh:!export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp;
# ssl_prefer_server_ciphers on;
# location / {
#
#
#}
#}
Copy after login

(3) Modify it to (The attributes starting with ssl among the following attributes are directly related to the certificate configuration. Please copy or adjust other attributes based on your actual situation. ) :

server { 
listen 443; 
server_name localhost; 
ssl on; 
root html; 
index index.html index.htm; 
ssl_certificate cert/申请的证书名字.pem; 
ssl_certificate_key cert/申请的证书名字.key; 
ssl_session_timeout 5m; 
ssl_ciphers ecdhe-rsa-aes128-gcm-sha256:ecdhe:ecdh:aes:high:!null:!anull:!md5:!adh:!rc4; 
ssl_protocols tlsv1 tlsv1.1 tlsv1.2; 
ssl_prefer_server_ciphers on; 
location / { 
root html; 
index index.html index.htm; 
} 
}
Copy after login

Save and exit.

(4) Restart nginx.

(5) Access your site via https

The above is the detailed content of How to configure Nginx SSL certificate to deploy HTTPS website. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template