Issue a free SSL certificate yourself

Make your own SSL certificate: You issue a free SSL certificate and generate a self-signed SSL certificate for Nginx
Here's how the Linux system generates a certificate through the OpenSSL command.

Start by executing the following command to generate a key
OpenSSL genrsa-des3-out Ssl.key 1024
Then he will ask you to enter the password for this key file. Input is not recommended. Because it will be used for nginx later. Each time you reload Nginx configuration, you need to verify this Pam password.
Because the password must be entered at the time of generation. You can type and then delete.

MV Ssl.key Xxx.key
OpenSSL rsa-in xxx.key-out Ssl.key
RM Xxx.key
Then generate the certificate request file based on this key file
OpenSSL Req-new-key ssl.key-out SSL.CSR
When the above command to fill a lot of things to read one by one (can casually, after all, this is the certificate of their own generation)

Finally, a CRT certificate file is generated from these 2 files
OpenSSL x509-req-days 365-in ssl.csr-signkey ssl.key-out ssl.crt
Here 365 is the certificate validity period recommended 3650 haha. This is all casual. The last file used is the key and the CRT file.

If you need to use PFX, you can use the following command to generate
OpenSSL pkcs12-export-inkey ssl.key-in ssl.crt-out ssl.pfx

Add the following configuration to the server node of the Nginx configuration file that requires the use of the certificate.
SSL on;
SSL_CERTIFICATE/HOME/SSL.CRT;
Ssl_certificate_key/home/ssl.key;
Ssl_session_timeout 5m;
Ssl_protocols SSLv2 SSLv3 TLSv1;
Ssl_ciphers all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp;
Ssl_prefer_server_ciphers on;
And then restart the Nginx and you're done.

Source:http://www.lc365.net/blog/b/15243/

Issue a free SSL certificate yourself