1. See if the SSL component is already installed
[Email protected] wwwlogs]# Cd/usr/local/nginx/sbin/[[email protected] sbin]#./nginx-vnginx version:nginx/ 1.0.15built by GCC 4.1.2 20080704 (Red Hat 4.1.2-52) TLS SNI support disabledconfigure arguments:--user=www--group=www-- Prefix=/usr/local/nginx--with-http_stub_status_module--with-http_ssl_module--with-http_gzip_static_module-- With-ipv6 If you already have a http_ssl_module, you have installed it. If not, recompile the installation of Nginx 2. Build Key[[email protected] sbin]# cd/usr/local/nginx/conf/ [email protected] conf]# OpenSSL genrsa-des3-outServer.key1024Generating RSA private key, 1024x768 bit long modulus.......++++++..........................................++++++e is 65537 (0x10001) Enter pass phrase for Server.key:ABCDVerifying-enter Pass phrase for Server.key:ABCD3. Generate certificate [[email protected] conf]# OpenSSL Req-new-keyServer.key-outSERVER.CSREnter Pass phrase for Server.key:ABCDYou is about to being asked to enter information that'll be incorporatedinto your certificate request. What's about-to-enter is called a distinguished Name or a DN. There is quite a few fields but can leave some blankfor some fields there would be a default value,if you enter '. ', t He field would be a left blank.-----Country Name (2 letter code) [GB]:CNState or province name (full name) [Berkshire]:BeijingLocality Name (eg, city) [Newbury]:ChaoyangOrganization Name (eg, company) [My company LTD]:TestOrganizational Unit Name (eg, section) []:WebCommon name (eg, your name or your server ' s hostname) []:SunyuEmail Address []:[email protected]Please enter the following ' extra ' attributesto is sent with your certificate Requesta challenge password []:1qazxsw23edcAn optional company name []:Testcomp[email protected] conf]# CPServer.key server.key.org[email protected] conf]# OpenSSL rsa-inserver.key.org-outServer.keyEnter Pass phrase for server.key.org:ABCDWriting RSA Key[[email protected] conf]# OpenSSL x509-req-days 365-inSERVER.CSR-signkeyServer.key-outSERVER.CRTSignature oksubject=/c=cn/st=beijing/l=chaoyang/o=easymobi/ou=web/cn=sunyu/[email protected]getting Private key 4. Configure Nginx to include in the configuration file: Server{listen 443;server_name test.test.cn;index index.html index.htm index.php;root/home/wwwroot /vegtest/; SSL On;ssl_certificate/usr/local/nginx/conf/server.crt;ssl_certificate_key/usr/local/nginx/conf/server.key;} You can then visit https://test.test.cn to see the effect.
CentOS Nginx Install OpenSSL