Implementation of HTTPS encrypted connection based on Nginx building CA

The previous blogs have implemented Nginx HTTP access and Apache HTTPS encryption connection, so they are now combined to implement the Nginx-based HTTPS encryption connection.

First, the Environment preparation

This time I've prepared two VMS and a real computer, One IP for 172.16.128.7 host as a server, install Nginx software to provide HTTPS services, another IP for the 172.16.128.8 host as a CA, certificate verification, the last real computer to test whether HTTPS is configured successfully.

Second, install Nginx

Reference: http://11142243.blog.51cto.com/11132243/1972367

But here just to verify the functionality of HTTPS, so the following easy to create a page out:

Upload and compile Nginx:

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/A7/4B/wKioL1nklzzDiaHeAAA1q85SUQQ419.png-wh_500x0-wm_ 3-wmp_4-s_1678542484.png "title=" Tim20171016193606.png "alt=" Wkiol1nklzzdiaheaaa1q85suqq419.png-wh_50 "/>

After the installation is done directly using the "Nginx" command to run the Nginx service, then we can be on the real computer through the browser access to the "172.16.128.7", to get the following screen (this is Nginx's own page, in "/local/nginx/html/" Inside):

650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/08/9C/wKiom1nkoiKSrnpZAABuMl5ICYg177.png-wh_500x0-wm_ 3-wmp_4-s_2144801562.png "title=" Tim20171016201158.png "alt=" Wkiom1nkoiksrnpzaabuml5icyg177.png-wh_50 "/>

Third, production certification

Reference: http://11142243.blog.51cto.com/11132243/1972413

Enter the directory "cd/etc/pki/ca" and execute the command (on 172.16.128.8 (CA)):

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M02/A7/58/wKioL1nlhgyjg4w8AAEEN9dXAZ8248.png-wh_500x0-wm_ 3-wmp_4-s_233643361.png "title=" Tim20171017123522.png "alt=" Wkiol1nlhgyjg4w8aaeen9dxaz8248.png-wh_50 "/>

Go back to "172.16.128.7" (server) and do the following:

650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M02/08/A9/wKiom1nliNLBwCrUAADlDbP_IzI134.png-wh_500x0-wm_ 3-wmp_4-s_693088810.png "title=" Tim20171017123419.png "alt=" Wkiom1nlinlbwcruaadldbp_izi134.png-wh_50 "/>

Iv. Changing the SSL configuration of Nginx

Use the following command to change the Nginx configuration file:

~]# vim/etc/nginx/nginx.conf

Add two lines of content to the location of the listening port:

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/08/A9/wKiom1nli87ytIXQAACE6zV3aFs690.png-wh_500x0-wm_ 3-wmp_4-s_3444115805.png "title=" Tim20171017124731.png "style=" Float:none; "alt=" Wkiom1nli87ytixqaace6zv3afs690.png-wh_50 "/>650) this.width=650;" Src= "https://s1.51cto.com/wyfs02/M02/A7/58/ Wkiol1nliridyfkvaacnnnax0go929.png-wh_500x0-wm_3-wmp_4-s_3072674158.png "title=" TIM20171017124654.png "style=" Float:none; "alt=" Wkiol1nliridyfkvaacnnnax0go929.png-wh_50 "/>

The contents are as follows:

Listen 443 SSL; #在这里加上ssl, or add another line of "SSL on;"            The same effect, this is shorthand ssl_certificate/usr/local/nginx/ssl/myweb.test.com.crt; #这两个目录的路径是保存私钥和CA验证之后返回的证书的目录 Ssl_certificate_key/usr/local/nginx/ssl/nginx.key;

After you change the configuration to save the exit and reload the configuration file, you can see the following page after you open it in the browser of the real host:

650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/08/A9/wKiom1nli87hWnTsAADTH8IRLtY470.png-wh_500x0-wm_ 3-wmp_4-s_1502501745.png "style=" Float:none; "title=" Tim20171017124623.png "alt=" Wkiom1nli87hwntsaadth8irlty470.png-wh_50 "/>

Implementation of HTTPS encrypted connection based on Nginx building CA