A tutorial on configuring StartSSL and SSL under the Nginx server

Source: Internet
Author: User

Step 1: Apply for a certificate locally

1. I won't go into installing OpenSSL; most systems ship with it. If yours does not, install it with yum.

    [root@e2fsck ~]# openssl genrsa -des3 -out e2fsck.org.key 2048
    Generating RSA private key, 1024 bit long modulus
    ...++++++
    ...++++++
    e is 65537 (0x10001)
    Enter pass phrase for e2fsck.org.key:               # enter a passphrase
    Verifying - Enter pass phrase for e2fsck.org.key:   # enter the passphrase again
    [root@e2fsck ~]# openssl req -new -key e2fsck.org.key -out e2fsck.org.csr
    Enter pass phrase for e2fsck.org.key:               # enter the passphrase
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:js
    Locality Name (eg, city) [Default City]:SZ
    Organization Name (eg, company) [Default Company Ltd]:e2fsck
    Organizational Unit Name (eg, section) []:e2fsck.org
    Common Name (eg, your name or your server's hostname) []:*.e2fsck.org
    Email Address []:root@e2fsck.org

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:                            # just press Enter
    An optional company name []:                        # just press Enter
    [root@e2fsck ~]# openssl rsa -in e2fsck.org.key -out e2fsck.org_nopass.key
    Enter pass phrase for e2fsck.org.key:               # enter the passphrase from above
    writing RSA key
    [root@e2fsck ~]# ls
    e2fsck.org.csr  e2fsck.org.key  e2fsck.org_nopass.key

Step 2: Apply to StartSSL for a free certificate

1. Log in to the official website http://www.startssl.com/?app=0

2. Select Control Panel (upper right corner), then select Express Lane (the large icon below).

3. Fill in the registration information (as far as you can, otherwise it is hard to get approved), then check your mail. There are 2 e-mails; the second one contains an address you can use to log in.

4. Once you are in, what follows is fairly simple: choose Certificates Wizard.

5. Certificate Target: select Web Server SSL/TLS Certificate here.

6. Choose Skip here, because this was already set up in the first step.

7. Paste the contents of e2fsck.org.csr from the first step here.

8. Then click through the next steps, such as adding the domain name, which are simple.

9. At the end you will see a block of text, which is the CRT certificate. Save it; I named it e2fsck.org.crt here and then put it in the /usr/local/nginx/conf directory (you can put it anywhere).

10. So that some browsers can recognize the certificate, the CA root certificate also has to be put together with our certificate:

    [root@e2fsck ~]# cd /usr/local/nginx/conf/   # I keep all the certificates in this directory
    [root@e2fsck conf]# wget /certs/ca.pem
    [root@e2fsck conf]# wget http://cert.startssl.com/certs/sub.class1.server.ca.pem
    [root@e2fsck conf]# cp e2fsck.org.crt e2fsck.org.bak   # back it up first
    [root@e2fsck conf]# cat ca.pem sub.class1.server.ca.pem >> e2fsck.org.crt

Then edit e2fsck.org.crt and find this run-together line inside it:

    -----END CERTIFICATE----------BEGIN CERTIFICATE-----

Split it into two lines, like this:

    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
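
The run-together line appears because the saved certificate does not end with a newline, so the next file is appended directly onto its last line. The script below is an added example, not part of the original tutorial: it builds the bundle without that manual edit, puts the server certificate first (the order nginx expects in ssl_certificate), and checks the result. The function names are made up for this example and the certificate bodies in demo() are constructed placeholders.

```shell
# Added example, not from the original tutorial. File names follow the page;
# the certificate bodies in demo() are constructed placeholders.

# normalize_pem FILE: strip CRs, split a fused END/BEGIN line, drop blank
# lines, and guarantee a trailing newline.
normalize_pem() {
    [ -r "$1" ] || return 1
    tr -d '\r' < "$1" |
        sed 's/\(-----END CERTIFICATE-----\)\(-----BEGIN CERTIFICATE-----\)/\1\
\2/g' |
        awk 'NF { print }'
}

# check_bundle FILE: succeed only if every boundary sits alone on its line,
# BEGIN/END are properly paired, and at least one certificate is present.
check_bundle() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { if (inblk) bad = 1; inblk = 1; n++; next }
        /^-----END CERTIFICATE-----$/   { if (!inblk) bad = 1; inblk = 0; next }
        /-----/                         { bad = 1 }  # fused or damaged boundary
        END { exit (bad || inblk || n == 0) }
    ' "$1"
}

# build_bundle OUT LEAF [CHAIN...]: server certificate first, then the chain.
build_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        normalize_pem "$f" >> "$tmp" || { rm -f "$tmp"; return 1; }
    done
    check_bundle "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$out"
}

demo() {
    d=$(mktemp -d) || return 1
    b='-----BEGIN CERTIFICATE-----'; e='-----END CERTIFICATE-----'
    printf '%s\n%s\n%s' "$b" 'TEVBRg==' "$e" > "$d/e2fsck.org.crt"  # no final newline
    printf '%s\r\n%s\r\n%s\r\n' "$b" 'U1VC' "$e" > "$d/sub.class1.server.ca.pem"
    printf '%s\n%s\n%s\n' "$b" 'Uk9PVA==' "$e" > "$d/ca.pem"
    cat "$d/e2fsck.org.crt" "$d/ca.pem" > "$d/naive.crt"  # plain concatenation
    check_bundle "$d/naive.crt" && naive=ok || naive=fused
    build_bundle "$d/bundle.crt" "$d/e2fsck.org.crt" \
        "$d/sub.class1.server.ca.pem" "$d/ca.pem" || { rm -rf "$d"; return 1; }
    echo "naive=$naive bundle=$(grep -c "^$b\$" "$d/bundle.crt")"
    rm -rf "$d"
}
demo
```

On real files the call would be: build_bundle e2fsck.org.crt.new e2fsck.org.bak sub.class1.server.ca.pem ca.pem, followed by a check of the output before replacing e2fsck.org.crt.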

Step 3: Configure nginx.conf

The main thing is to modify this section:

    server {
        # the ssl parameter enables TLS on this port
        listen 443 ssl;
        server_name www.e2fsck.org;
        index index.html index.htm index.php;

        # this is the main part
        ssl_certificate e2fsck.org.crt;
        ssl_certificate_key e2fsck.org_nopass.key;
        ssl_session_timeout 5m;
        # SSLv2 and SSLv3 are broken protocols; allow only TLS 1.2 and 1.3
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        # this short block is so that PHP can be parsed over HTTPS
        location ~ \.php$ {
            root html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
            fastcgi_param HTTPS on;
            include fastcgi.conf;
        }

        # if the non-SSL site uses pseudo-static rewrites, add them here as well
        if (-f $request_filename/index.html) {
            rewrite (.*) $1/index.html break;
        }
        if (-f $request_filename/index.php) {
            rewrite (.*) $1/index.php;
        }
        if (!-f $request_filename) {
            rewrite (.*) /index.php;
        }

        #location / {
        #    root html;
        #    index index.html index.htm index.php;
        #}
    }


Then restart Nginx (if SSL has not been configured before, it must be restarted; a reload is not enough).

Step 4: Test SSL

Enter https://www.e2fsck.org in a browser and you can see that SSL is working properly.
