Step 1: Create the certificate request locally
1. I won't cover installing software such as OpenSSL; the system normally ships with it, and if yours does not, install it yourself with yum.
[root@e2fsck ~]# openssl genrsa -des3 -out e2fsck.org.key 2048
Generating RSA private key, 1024 bit long modulus
... +++ +++ ... ++++++
e is 65537 (0x10001)
Enter pass phrase for e2fsck.org.key: (enter the password)
Verifying - Enter pass phrase for e2fsck.org.key: (enter the password)
[root@e2fsck ~]# openssl req -new -key e2fsck.org.key -out e2fsck.org.csr
Enter pass phrase for e2fsck.org.key: (enter the password)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:js
Locality Name (eg, city) [Default City]:SZ
Organization Name (eg, company) [Default Company Ltd]:e2fsck
Organizational Unit Name (eg, section) []:e2fsck.org
Common Name (eg, your name or your server's hostname) []:*.e2fsck.org
Email Address []:root@e2fsck.org

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (just press Enter)
An optional company name []: (just press Enter)
[root@e2fsck ~]# openssl rsa -in e2fsck.org.key -out e2fsck.org_nopass.key
Enter pass phrase for e2fsck.org.key: (enter the password set above)
writing RSA key
[root@e2fsck ~]# ls
e2fsck.org.csr  e2fsck.org.key  e2fsck.org_nopass.key
Step 2: Apply to StartSSL for a free certificate
1. Log in to the official website: http://www.startssl.com/?app=0
2. Select Control Panel (upper right corner), then select Express Lane (the large icon below).
3. Fill in the registration information (as completely as possible, otherwise it is difficult to pass), then check your mail. There are 2 e-mails; the second one contains an address that you can use to log in.
4. After logging in, the remaining steps are simple. Choose Certificates Wizard.
5. Certificate Target: here, select Web Server SSL/TLS Certificate.
6. Choose Skip here, because this was already done in the first step.
7. Paste the contents of e2fsck.org.csr from the first step here.
8. Then click Next and add the domain name; this part is simple.
9. Finally you will see a block of text, which is the CRT certificate. Save it; I named it e2fsck.org.crt and put it in the /usr/local/nginx/conf directory (you can put it anywhere).
10. So that some browsers can recognize the certificate, the CA root certificates also have to be put together with our certificate:
[root@e2fsck ~]# cd /usr/local/nginx/conf/ # I put all the certificates in this directory
[root@e2fsck conf]# wget /certs/ca.pem
[root@e2fsck conf]# wget http://cert.startssl.com/certs/sub.class1.server.ca.pem
[root@e2fsck conf]# cp e2fsck.org.crt e2fsck.org.bak # back it up first
[root@e2fsck conf]# cat ca.pem sub.class1.server.ca.pem >> e2fsck.org.crt
Then edit e2fsck.org.crt and find this line inside it:
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Split it in two, so that it looks like this:
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
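The fused marker line appears when a PEM file has no trailing newline and `cat` joins it to the next file. The script below is an added example, not part of the original page: it does the same split without hand editing and checks the result. The function names and the sample bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical
# and the sample bundle is constructed (the base64 bodies are fake).

# Print FILE with fused END/BEGIN markers split onto separate lines.
# Also strips CR line endings, which stop the markers from matching.
split_fused_pem() {
    awk -v end='-----END CERTIFICATE-----' \
        -v begin='-----BEGIN CERTIFICATE-----' '{
        sub(/\r$/, "")
        gsub(end begin, end "\n" begin)
        print
    }' "$1"
}

# Count certificates whose BEGIN marker stands alone on its line.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$' "$1" || true
}

# Succeed only if no marker shares a line with other text.
bundle_is_clean() {
    ! grep -E -- '-----(BEGIN|END) CERTIFICATE-----' "$1" \
        | grep -qvE -- '^-----(BEGIN|END) CERTIFICATE-----$'
}

# Constructed sample: two fake certificates fused the way cat fuses them.
demo_bundle() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBconstructedAAA=' \
        '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' \
        'MIIBconstructedBBB=' '-----END CERTIFICATE-----'
}

tmp=$(mktemp) && fixed=$(mktemp)
demo_bundle > "$tmp"
split_fused_pem "$tmp" > "$fixed"
echo "well-formed certificates before: $(count_certs "$tmp"), after: $(count_certs "$fixed")"
if bundle_is_clean "$fixed"; then echo "bundle is clean"; fi
rm -f "$tmp" "$fixed"
```

On the real file, write the output of `split_fused_pem e2fsck.org.crt` to a new file, confirm `bundle_is_clean` succeeds on it, then replace the original and run `nginx -t` before restarting.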
Step 3: Configure nginx.conf
The main change is to this section:
server {
    listen 443;
    server_name www.e2fsck.org;
    index index.html index.htm index.php;

    ssl on;    # this is the main part
    ssl_certificate e2fsck.org.crt;
    ssl_certificate_key e2fsck.org_nopass.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are obsolete and insecure; on current nginx list only TLSv1.2 TLSv1.3 here
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location ~ \.php$ {    # this block is so that PHP can be served over HTTPS
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi.conf;
    }

    if (-f $request_filename/index.html) {    # if the non-SSL site uses rewrite rules (pseudo-static URLs), add them here too
        rewrite (.*) $1/index.html break;
    }
    if (-f $request_filename/index.php) {
        rewrite (.*) $1/index.php;
    }
    if (!-f $request_filename) {
        rewrite (.*) /index.php;
    }

    #location / {
    #    root html;
    #    index index.html index.htm index.php;
    #}
}
Then restart nginx (if SSL has not been configured before, it must be restarted; a reload is not enough).
Step 4: Test SSL
Enter https://www.e2fsck.org in a browser and you can see that SSL is working properly.