Nginx Configuration HTTPS certificate authentication

Source: Internet
Author: User
Tags ssl certificate


First, what is the SSL certificate

SL Certificate All the way: the SSL secure channel (Secure Socket Layer (SSL). This security protocol is mainly used to provide authentication to the user and server, encrypt and hide the transmitted data, ensure that the data is not changed in the transmission, that is, the integrity of the data, has become the standard of globalization in this field.

An SSL certificate is a digital certificate, similar to an electronic copy of a driver's license, passport, and business license. This is also known as an SSL server certificate because it is configured on the server.

The SSL certificate is the SSL protocol, which is issued by a trusted Digital certification authority CA (such as VeriSign) after authenticating the server, with server authentication and data transfer encryption.

TLS version number and related instructions

Secure Transport Layer Protocol (TLS) is used to provide confidentiality and data integrity between two communication applications. The protocol consists of two tiers: the TLS recording Protocol (TLS record) and the TLS Handshake Protocol (TLS handshake).

Second, configure the server

1. Get the certificate

obtained through the certification authority, that is, to find the certificate of sale.

2. Install the server certificate

To upload the certificate file to the Conf directory of the Nginx installation directory, my installation directory is

/usr/local/nginx/conf/

In order to facilitate the management of certificates I created a certificate in the Conf directory of the Unified Management directory Https_ssl directory, I will all certificates

Stored under the conf/https_ssl/.

The certificate can be renamed for the sake of the recognition of the certificate.

MV Server.key Aaaaaa.key

MV Server.pem AAAAAA.PEM

Nginx Virtual Host Configuration

server {

Listen 443; #修改端口号为443, if there is a firewall remember to turn on the firewall

server_name aaaaaaa; #域名我隐藏了, don't mind aaaaaa.

root/data/www/www.test.com;

Index index.php index.html index.htm;

Access_log/data/wwwlogs/rewrite.log access;

SSL on; #SSL功能开启, using SSL communication protocol

Ssl_certificate Https_ssl/server.pem; #证书文件

Ssl_certificate_key Https_ssl/server.key; #私钥文件

ssl_session_timeout 5m; The client can reuse the expiration time of the SSL parameter in the session cache, the intranet system default 5 minutes is too short, can be set to 30m 30 minutes or even 4h

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #支持的SSL协议标准

ssl_ciphers aesgcm:all:! Dh:! export:! rc4:+high:! medium:!    Low:!anull:!enull; Optional Encryption Kit

Ssl_prefer_server_ciphers on; #设置协商加密算法时, priority is given to our service-side encryption suite instead of the encryption suite of the client browser

Location ~ \.php$ {

Fastcgi_pass 127.0.0.1:9000;

Fastcgi_index index.php;

Fastcgi_param Script_filename/scripts$fastcgi_script_name;

Include fastcgi.conf;

}

}

Test access, HTTPS:AAAAA can see a green lock, stating that it has been configured successfully, depending on how the browser views the certificate

It's different, I'm using Firefox.

650) this.width=650; "src=" Https://s1.51cto.com/oss/201710/30/f0ba8dc810fa526eebceeeedde15e2a9.jpg "title=" 1111111111111111.jpg "/>

HTTPS is much more expensive to access than HTTP in real-world usage


This article from "10946218" blog, declined reprint!

Nginx Configuration HTTPS certificate authentication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.