Generate your own ssl certificate through openssl in CentOS Environment
Introduction to generating https certificates using openssl
This article describes how to generate your own SSL certificate with openssl on Linux and enable HTTPS on the nginx server. I do not know much about certificates either. I have collected some information from the Internet and successfully set up an HTTPS server on CentOS. The steps are as follows:
Preparations
- The /etc/pki/CA/index.txt file tracks issued certificates and is initially empty. Note that it must be 0 bytes, otherwise an error like the following is reported:
  wrong number of fields on line 1 (looking for field 6, got 1, '' left)
- The /etc/pki/CA/serial file holds the serial number of the last issued certificate; its initial value is 01, or another value such as 00.
Start
Switch to the /etc/pki/tls directory
This makes it easier to reference the openssl files, such as the openssl.cnf used in the commands below.
Generate the private key file of the server
openssl genrsa -des3 -out server.key 2048
The server.key file is generated under the /etc/pki/tls directory. A 2048-bit key is used here because 1024-bit RSA is no longer considered adequate.
Generate a CSR File
openssl req -new -key server.key -out server.csr -config openssl.cnf
The server.csr file is generated under the /etc/pki/tls directory.
Generate a self-signed CA
openssl req -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf
This generates two files, ca.key and ca.crt, which are used for signing later.
Sign the CSR file with the CA to produce the certificate (crt) file
Use the ca.key and ca.crt generated in the previous step to sign the CSR file.
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config openssl.cnf
The server.crt file is generated.
Merge certificate files (crt) and private key files (key)
cat server.crt server.key > server.pem
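Before pointing nginx at these files, it is worth confirming that server.crt really chains to ca.crt and that server.key belongs to it. The script below is an added example, not part of the original article: it builds a throwaway CA and certificate in a temporary directory (constructed names and subjects; `openssl x509 -req` stands in for `openssl ca`, and the keys are left unencrypted to avoid passphrase prompts) and runs those checks.

```shell
#!/bin/sh
# Added example: checks to run on the files this procedure produces.
# Demo file names, subjects and the temporary directory are constructed here.

# Build a throwaway CA and server certificate in directory $1.
# Uses "openssl x509 -req" in place of "openssl ca" so that it needs no
# index.txt/serial database; keys are left unencrypted to avoid prompts.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Demo CA" -keyout ca.key -out ca.crt &&
      openssl genrsa -out server.key 2048 &&
      openssl req -new -key server.key -subj "/CN=localhost" -out server.csr &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 1 -out server.crt ) >/dev/null 2>&1
}

# Print the RSA key size (in bits) of the certificate $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pair CA_CERT SERVER_CERT SERVER_KEY
# Succeeds only if the certificate chains to the CA, the private key belongs
# to the certificate, and the key is at least 2048 bits.
check_pair() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: $2 is not signed by $1"; return 1; }
    [ "$(openssl x509 -in "$2" -noout -pubkey)" = \
      "$(openssl pkey -in "$3" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: $3 does not match $2"; return 1; }
    [ "$(cert_bits "$2")" -ge 2048 ] ||
        { echo "FAIL: key shorter than 2048 bits"; return 1; }
    echo "OK: $2"
}

# Demo run on constructed files in a temporary directory.
demo=$(mktemp -d) && make_demo_pki "$demo" &&
    check_pair "$demo/ca.crt" "$demo/server.crt" "$demo/server.key"
rm -rf "$demo"
```

To check the real files, run check_pair ca.crt server.crt server.key in /etc/pki/tls; openssl asks for the passphrase of a key created with -des3.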
Build an https Server
Modify the nginx configuration file as follows:
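server {
    listen 443 ssl;    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    server_name localhost;
    root /var/www/html;

    ssl_certificate /etc/pki/tls/server.pem;
    ssl_certificate_key /etc/pki/tls/server.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are broken or deprecated, so only TLSv1.2 is enabled
    # (add TLSv1.3 if your nginx/OpenSSL build supports it).
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
    }
}
Enter https://localhost in a browser to view the result.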
If you want PHP to work over HTTPS, you only need to add the PHP handling configuration:
location ~ \.php$ {
    root /var/www/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS on;    # add this line
    include fastcgi_params;
}