configuring for HTTPS

Source: Internet
Author: User
Tags openssl x509

1. Generate the key file:

OpenSSL genrsa-out Ssl.key 2048

#提示输入密码, return to the car temporarily.

#测试环境不要加密码, It's a hassle to enter a password every time you debug

2. Use key to generate a CSR file:

OpenSSL Req-new-key ssl.key-out SSL.CSR

#测试环境, a prompt to enter the way

3. Issue certificates with CSR files, key files

OpenSSL x509-req-days 365-in ssl.csr-signkey ssl.key-out ssl.crt

#生成一个ssl. CRT Certificate Files

4. Modify NGINX configuration file


#如不确定, You can view the version and compile parameters with Nginx-v

Two methods:

1. Load Balancer Server implementation

2. actual webserver implementation

This is implemented on a load server:

In the nginx.conf configuration file:

Listen change to 443


then add content to the server block:

# # #https

SSL on;



Ssl_session_cache shared:ssl:1m;

Ssl_session_timeout 5m;

Ssl_ciphers high:!anull:! MD5;

Ssl_prefer_server_ciphers on;

# # #end

finally, Add a location block:-------avoid changing to http every time you jump to a webpage

server {



Rewrite ^/(. *)$1 permanent;


Restart Nginx test, successful (because It is local test, will still prompt insecure, but has implemented HTTPS Access)

1. When HTTPS is made, an exception is displayed each time the URL is visited

because the https address, if the http resource is loaded, the browser will consider this an unsafe resource, will be blocked by default, which will give you to the problem of incomplete resources, such as: pictures can not display, style cannot be loaded, JS loading. Because the style classes are basically written in this The ground, so generally also can, but some common js files, often exist in the CDN or other servers, this time, if the visit can not ask, may lead to the business is completely unable to Operate.

Little friends can follow my public number: Linux OPS rookie tour

Focus on "china Telecom Tianjin Network hall" public number, The first binding can be free to receive 2G of traffic, for your learning to provide traffic!  

configuring for HTTPS

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.