转自 https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-cent
来源:互联网 发布:java字符串双引号转义 编辑:程序博客网 时间:2024/04/30 00:25
How To Create a SSL Certificate on nginx for CentOS 6
About Self-Signed Certificates
A SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the server's details while a self-signed certificate has no 3rd party corroboration.Intro
Make sure that nginx is installed on your VPS. If it is not, you can quickly install it with 2 steps. Install the EPEL repository:su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'Install nginx
yum install nginx
Step One—Create a Directory for the Certificate
The SSL certificate has 2 parts main parts: the certificate itself and the public key. To make all of the relevant files easy to access, we should create a directory to store them in:sudo mkdir /etc/nginx/ssl
We will perform the next few steps within the directory:
cd /etc/nginx/ssl
Step Two—Create the Server Key and Certificate Signing Request
Start by creating the private server key. During this process, you will be asked to enter a specific passphrase. Be sure to note this phrase carefully, if you forget it or lose it, you will not be able to access the certificate.sudo openssl genrsa -des3 -out server.key 1024
Follow up by creating a certificate signing request:
sudo openssl req -new -key server.key -out server.csr
This command will prompt terminal to display a lists of fields that need to be filled in.
The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address. Leave the challenge password and optional company name blank.
You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:USState or Province Name (full name) [Some-State]:New YorkLocality Name (eg, city) []:NYCOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome IncOrganizational Unit Name (eg, section) []:Dept of MerrimentCommon Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:webmaster@awesomeinc.com
Step Three—Remove the Passphrase
We are almost finished creating the certificate. However, it would serve us to remove the passphrase. Although having the passphrase in place does provide heightened security, the issue starts when one tries to reload nginx. In the event that nginx crashes or needs to reboot, you will always have to re-enter your passphrase to get your entire web server back online.Use this command to remove the passphrase:
sudo cp server.key server.key.orgsudo openssl rsa -in server.key.org -out server.key
Step Four— Sign your SSL Certificate
Your certificate is all but done, and you just have to sign it.Keep in mind that you can specify how long the certificate should remain valid by changing the 365 to the number of days you prefer. As it stands, this certificate will expire after one year.
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
You are now done making your certificate.
Step Five—Set Up the Certificate
Open up the SSL config file:vi /etc/nginx/conf.d/ssl.confUncomment within the section under the line HTTPS Server. Match your config to the information below, replacing the example.com in the "server_name" line with your domain name or IP address. If you are just looking to test your certificate, the default root there will work.
# HTTPS serverserver { listen 443; server_name example.com; ssl on; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; }
Then restart nginx:
/etc/init.d/nginx restart
Visit https://youraddress. You will see your self-signed certificate on that page!
Resources
- http://wiki.nginx.org/HttpSslModule#Generate_Certificates
0 0
- 转自 https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-cent
- how to create an ssl certificate on nginx for ubuntu14.04
- How to create a ssl certificate on apache2 for Ubuntu 12.04+
- How To Create a SSL Certificate on Apache for Ubuntu 14.04
- Https SSL Knowledge & how to get a self-signed certificate on ubuntu.
- How to create a self-signed SSL Certificate
- How to setup HTTPS [SSL] on WAMP
- How to search for COM and DCOM Knowledge Base articles
- Setup https server with a self SSL certificate for testing.
- http://www.mkyong.com/maven/how-to-create-a-web-application-project-with-maven/
- 转自http://www.cnblogs.com/flashelf/articles/522348.html
- How to deploy a .Net assmebly for COM use through CAB on Web Page (转)
- How to get the visible region of a window or CDC(转自http://www.programmersheaven.com)
- How to Create a Framework for iOS
- How to Create a Framework for iOS
- 如何查看SharePoint Version 载自: http://www.sharepointdesignerstepbystep.com/Blog/Articles/How%20To%20find%20the%20SharePoint%20versi
- DocumentsForiTerms2(转自: https://www.iterm2.com/)
- HOW TO configure a website for HTTPS?
- 深圳嵌入式培训 修练软硬件之功 高薪一路相伴
- Win7上Git安装及配置过程
- org.apache.subversion.javahl.ClientException: Item is not readable 解决办法
- 用java调用oracle存储过程总结
- 编译loongson内核1b-linux-3.0-20130104问题总结
- 转自 https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-cent
- SpringAOP案例(一)XML方式
- 线程之ReadWriteLock用法
- java.lang.RuntimeException:Can't create handler inside trhead that has not called Looper.prepare
- 如何在visual2012里,调用(或引用)DeleteObject方法
- Linux的inode的理解
- java jsp el fn
- 【移动开发】Android中三种超实用的滑屏方式汇总(ViewPager、ViewFlipper、ViewFlow)
- 苹果公司发布iPhone 5s和iPhone 5c