Using OpenSSL to generate certificates
1, the method of generating RSA key
OpenSSL genrsa-des3-out Privkey.pem 2048
This command will generate a 2048-bit key, with a Des3 method encrypted password, if you do not want to enter the password each time, you can change to:
OpenSSL genrsa-out Privkey.pem 2048
Build 2, generate a certificate request
It is recommended that you use a 2048-bit key, which is less likely to be unsafe or will soon be unsafe.
OpenSSL Req-new-key privkey.pem-out CERT.CSR
This command will generate a certificate request, of course, with the previously generated key PRIVKEY.PEM file
This will generate a new file CERT.CSR, a certificate request file, where you can take this file to the digital certification authority (CA) to request a digital certificate. The CA will give you a new file Cacert.pem, that's your digital certificate.
If you are doing your own testing, the applicant and the issuer of the certificate are themselves. You can use the following command to generate the certificate:
OpenSSL Req-new-x509-key privkey.pem-out cacert.pem-days 1095
This command will generate a digital certificate using the key generated above Privkey.pem CACERT.PEM
Configure Nginx
01.server 02. {443 listen; SSL on; SSL_CERTIFICATE/VAR/WWW/SSLKEY/CACERT.PEM; SSL_CERTIFICATE_KEY/VAR/WWW/SSLKEY/PRIVKEY.PEM; server_name 192.168.1.1; Index index.html index.htm index.php; Root/var/www/test; 10.11. ..... 12... 13.}