First, what is an SSL certificate
SSL stands for Secure Socket Layer, a secure channel protocol. It is mainly used to authenticate the user and the server, to encrypt and hide the transmitted data, and to ensure that the data is not changed in transit, that is, to protect the integrity of the data. It has become the global standard in this field.
An SSL certificate is a digital certificate, similar to an electronic copy of a driver's license, passport, or business license. It is also known as an SSL server certificate because it is configured on the server.
An SSL certificate follows the SSL protocol and is issued by a trusted digital certification authority (CA), such as VeriSign, after the CA has authenticated the server. It provides server authentication and encryption of the data being transferred.
TLS version number and related instructions
Transport Layer Security (TLS) is used to provide confidentiality and data integrity between two communicating applications. The protocol consists of two layers: the TLS Record Protocol and the TLS Handshake Protocol.
Second, configure the server
1. Get the certificate
Obtain the certificate from a certification authority, that is, from a vendor that sells certificates.
2. Install the server certificate
Upload the certificate files to the conf directory of the Nginx installation directory. My installation directory is
/usr/local/nginx/conf/
To make the certificates easier to manage, I created an https_ssl directory under the conf directory and store all certificates under conf/https_ssl/.
The certificate files can be renamed to make them easier to recognize.
mv server.key aaaaaa.key
mv server.pem aaaaaa.pem
Nginx Virtual Host Configuration
server {
    listen 443;  # change the port number to 443; if there is a firewall, remember to open the port there
    server_name aaaaaaa;  # I have hidden the domain name, don't mind the aaaaaa
    root /data/www/www.test.com;
    index index.php index.html index.htm;
    access_log /data/wwwlogs/rewrite.log access;
    ssl on;  # enable SSL, use the SSL communication protocol (obsolete since nginx 1.15.0, where "listen 443 ssl;" replaces it)
    ssl_certificate https_ssl/server.pem;  # certificate file
    ssl_certificate_key https_ssl/server.key;  # private key file
    ssl_session_timeout 5m;  # how long a client may reuse the SSL parameters in the session cache; for an intranet system the default 5 minutes is too short and can be set to 30m (30 minutes) or even 4h
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # supported SSL protocol versions
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;  # cipher suites to choose from
    ssl_prefer_server_ciphers on;  # when negotiating the cipher, prefer the server's cipher suites over those of the client browser
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        include fastcgi.conf;
    }
}
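A small check for the TLS directives in the server block above, as an added example that is not part of the original post: it flags the obsolete "ssl on;" form and the TLSv1/TLSv1.1 entries in ssl_protocols. The function names, the constructed sample configs and the hardened variant ("listen 443 ssl;" with TLSv1.2 TLSv1.3) are assumptions of this example.

```python
import re

# Protocol versions that should no longer be offered: SSLv2/SSLv3 are broken,
# TLS 1.0 and 1.1 were formally deprecated by RFC 8996.
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample: the TLS-related lines of the server block in this post.
PAGE_CONF = """
server {
    listen 443;
    server_name aaaaaaa;
    ssl on;  # enable SSL
    ssl_certificate https_ssl/server.pem;
    ssl_certificate_key https_ssl/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
"""

# Constructed sample (assumption): the same block adjusted for a current nginx.
HARDENED_CONF = (PAGE_CONF.replace("listen 443;", "listen 443 ssl;")
                 .replace("ssl on;", "")
                 .replace("TLSv1 TLSv1.1 TLSv1.2", "TLSv1.2 TLSv1.3"))

def parse_directives(conf):
    """Return [(name, [args])]; strips '#' comments, ignores block nesting."""
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    stmts = (s.split() for s in re.split(r"[;{}]", text))
    return [(s[0], s[1:]) for s in stmts if s]

def audit(conf):
    """Return a list of findings for the TLS directives of one server block."""
    directives = parse_directives(conf)
    args_of = lambda name: [a for n, a in directives if n == name]
    findings = []
    if ["on"] in args_of("ssl"):
        findings.append("'ssl on;' is obsolete since nginx 1.15.0; use 'listen 443 ssl;'")
    elif not any("ssl" in a for a in args_of("listen")):
        findings.append("no listen directive has the 'ssl' parameter")
    for args in args_of("ssl_protocols"):
        weak = sorted(DEPRECATED & set(args))
        if weak:
            findings.append("deprecated protocols enabled: " + ", ".join(weak))
    for name in ("ssl_certificate", "ssl_certificate_key"):
        if not args_of(name):
            findings.append("missing " + name)
    return findings

if __name__ == "__main__":
    for label, conf in (("post", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```

The parser splits on the first "#" of each line, so it assumes no "#" appears inside a quoted directive value.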
Test access: open https://aaaaa and you should see a green lock, which indicates that the configuration succeeded. How the certificate is viewed differs from browser to browser; I'm using Firefox.
In real-world usage, HTTPS is much more expensive to access than HTTP.
This article is from the "10946218" blog; reprinting is declined!
Nginx Configuration HTTPS certificate authentication