Home > Developer > Web Develop

HTTPS Protocol Certificate Deployment combat

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

One:

HTTP is the kind of protocol we use when we surf the web. The data transmitted by the HTTP protocol is unencrypted, which is plaintext, so it is very insecure to use the HTTP protocol to transmit private information. To ensure that these private data can be encrypted, Netscape designed the SSL (Secure Sockets Layer) protocol to encrypt the data transmitted by the HTTP protocol, which led to the birth of HTTPS.

Two:

HTTPS requires a handshake between the client (browser) and the server (Web site) before transmitting the data, which establishes the password information for both parties to encrypt the transmitted data during the handshake. TLS/SSL protocol is not only a set of encrypted transmission protocols, but also an artist-designed artwork, TLS/SSL using asymmetric encryption, symmetric encryption and hash algorithm.

Three:

Deploying the HTTPS protocol

Environment requires Yum to install Opensslopenssl-devel

Create a key certificate store directory

Mkdir/usr/local/nginx/ssl

Execute command OpenSSL genrsa-des3-out server.key 1024x768 #生成秘钥

Execute command OpenSSL req-new-key SERVER.KEY-OUTSERVER.CSR #创建签名请求的证书 (CSR)

Execute Command OpenSSL rsa-inserver.key-out Server_nopassword.key # to decrypt

Execute command OpenSSL x509-req-days 365-in server.csr-signkey server_nopassword.key-out SERVER.CRT # Mark certificate using the above private key and CSR

Modify Nginx configuration file, load SSL certificate

vim/usr/local/nginx/conf/nginx.conf # go inside the nginx Config file (add the last line in the HTTP header)

server {

Listen 443;

server_name localhost;

SSL on;

SSL_CERTIFICATE/USR/LOCAL/NGINX/SSL/SERVER.CRT;

Ssl_certificate_key /usr/local/nginx/ssl/server.nopasswd.key;

Ssl_session_timeout 5m;

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphersaesgcm:all:! Dh:! export:! rc4:+high:! Low:!anull:!enull;

Ssl_prefer_server_ciphers on;

}

This article is from the "Centos7" blog, make sure to keep this source http://12832314.blog.51cto.com/12822314/1961898

HTTPS Protocol Certificate Deployment combat

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More