Original address: http://www.lamppr.com/node/648
Generate a certificate using OpenSSL
1. How to generate RSA keys
openssl genrsa -des3 -out privkey.pem 2048
This command generates a 2048-bit key protected by a password and encrypted with the des3 (Triple DES) method. If you do not want to enter the password every time, change the command to:
openssl genrsa -out privkey.pem 2048
A 2048-bit key is recommended; shorter keys may be insecure or will soon become insecure.
2. Generate a certificate request
openssl req -new -key privkey.pem -out cert.csr
This command generates a certificate request using the privkey.pem key file generated earlier. It produces a new file, cert.csr, which is the certificate request file. You can take this file to a digital certification authority (CA) to request a digital certificate. The CA will give you a new file, cacert.pem, which is your digital certificate.
If you are only testing, the certificate applicant and the issuing authority are both yourself. You can use the following command to generate the certificate:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
This command generates the digital certificate cacert.pem using the key privkey.pem generated above.
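The steps above as a script that runs without prompts and then confirms that cacert.pem and cert.csr carry the public key of privkey.pem, a check worth running before the files are handed to the web server. This is an added example, not part of the original page; the function names, the temporary directory and the -subj value (CN set to the address used as server_name below) are assumptions.

```shell
#!/bin/sh
# Added example: the key, CSR and self-signed certificate steps, scripted,
# followed by a key/certificate match check. Names and CN are assumptions.

# gen_selfsigned DIR: create privkey.pem, cert.csr and cacert.pem in DIR.
gen_selfsigned() {
    dir=$1
    (
        umask 077    # the key is stored unencrypted: owner-only permissions
        openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null
    ) || return 1
    # -subj answers the distinguished-name prompts so the step can be scripted
    openssl req -new -key "$dir/privkey.pem" -subj "/CN=192.168.1.1" \
        -out "$dir/cert.csr" || return 1
    openssl req -new -x509 -key "$dir/privkey.pem" -subj "/CN=192.168.1.1" \
        -days 1095 -out "$dir/cacert.pem" || return 1
}

# Each helper prints the public key of its input in PEM form.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_csr()  { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# cert_matches_key CERT KEY: succeed only if both carry the same public key.
# A mismatched pair is a common cause of the server refusing to start.
cert_matches_key() {
    c=$(pub_of_cert "$1") || return 1
    k=$(pub_of_key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d)
if gen_selfsigned "$tmp" && cert_matches_key "$tmp/cacert.pem" "$tmp/privkey.pem"
then
    echo "cacert.pem matches privkey.pem"
else
    echo "key and certificate do not match" >&2
fi
rm -rf "$tmp"
```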
Configure Nginx
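server
{
    # "listen 443 ssl;" replaces the separate "ssl on;" directive,
    # which is deprecated since nginx 1.15.0 and removed in 1.25.1
    listen 443 ssl;
    ssl_certificate /var/www/sslkey/cacert.pem;
    ssl_certificate_key /var/www/sslkey/privkey.pem;
    server_name 192.168.1.1;
    index index.html index.htm index.php;
    root /var/www/test;
}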