First, make sure that openssl and openssl-devel are installed on the machine.
# Yum install openssl
# Yum install openssl-devel
Then, issue the certificate to yourself.
# Cd/usr/local/nginx/conf
# Openssl Gen RSA-des3-out server. key 1024
# Openssl req-new-key server. key-out server. csr
# Openssl rsa-in server. key-out server_nopwd.key
# Openssl x509-req-days 365-in server. csr-signkey server_nopwd.key-out server. crt
Now that the certificate has been generated, the following is how to configure nginx
Server {
Listen 443;
Ssl on;
Ssl_certificate/usr/local/nginx/conf/server. crt;
Ssl_certificate_key/usr/local/nginx/conf/server_nopwd.key;
}
Restart nginx.
Ps: If "[emerg] 10464 #0: unknown directive" ssl "in/usr/local/nginx-0.6.32/conf/nginx appears. conf: 74 "indicates that the ssl module is not compiled into nginx, add"-with-http_ssl_module "to configure ^
Now the https server has been built, but how can the browser trust the certificate issued by itself?
Today, I finally learned how to import the previously generated server. crt file to the certificate manager of the system:
Control panel-> Internet Options-> Content-> publisher-> trusted root certificate authority-> Import-Select server. crt
Note that https accesses port 443. Therefore, you must open this port for iptables.