Installing OpenSSL
Generate a private key
Cd/etc/pki/tls
VI OPENSSL.COF
Change two keys and suffix named certificate = $dir/cacert.crt Private_key = $dir/private/ca.key
CD CA
Index.txt
Serial
Echo >serial
(Umask 077;openssl genrsa-out private/ca.key 2048 (this file song permission is o77, the private key of the creation CA is 2048)
OpenSSL req-new-x509-key private/ca.key-out cacert.crt-days 3,650 days (3,650 days to generate a certificate from your private key)
CA Setup Complete
Generate Nginx private key, request file, CA issue Certificate
Cd/etc/nginx
mkdir SSL (Secure Sockets Layer)
(Umask o77;openssl genrsa-out nginx.key 2048) (Nginx also generates a private key of its own length is also 2048 characters)
OpenSSL Req-new-key nginx.key-out NGINX.CSR (
Generate a certificate from your own private key)
Enter related information
CP Nginx.csr/etc/pki/ca
To view your own CA directory
Openssl-ca-in nginx.crs-out nginx.crs-days 365 (ca authenticates to Nginx certificate generate a new certificate for 365 days)
Ok le
Create a server in Nginx and fill in the information
server {
Listen 443 SSL HTTP2 default_server;
Server_Name www. baidu. com;
root/usr/share/nginx/html;
Ssl_certificate "/ETC/NGINX/SSL/NGINX.CRT";
Ssl_certificate_key "/etc/nginx/ssl/nginx.key";
Ssl_session_cache shared:ssl:1m;
Ssl_session_timeout
10m;
Ssl_ciphers high:!anull:! MD5;
Ssl_prefer_server_ciphers on;
}
CA self-built authentication and Web authentication based on virtual host