First, the environment introduction:
1, Nginx server (System: CentOS6.5)
2. The certificate has been authorized:
Certificates include:
A, CERT.CSR
B, Server.key
Certificate Request :https://www.wosign.com/
(If you are unable to provide a charge certificate, you can also use a custom certificate, detailed steps below:)
A. Create a server private key
# OpenSSL Genrsa-des3-out Server.key 1024
B. Create a certificate (CSR) for the signing request:
# OpenSSL Req-new-key server.key-out CERT.CSR
C, the password must be removed when loading SSL-supported Nginx and using the above private key
# CP Server.key Server.key.org
# OpenSSL rsa-in server.key.org-out Server.key
Second, Nginx deployment
1. Upload Certificate
# yum-y Install Lrzsz
# Cd/etc/nginx
# Mdir cert && CD cert
# RZ
2. Configure Nginx
# OpenSSL x509-req-days 365-in cert.csr-signkey server.key-out cert.crt
# cd/etc/nginx/conf.d/
# vim default.conf # Add # #号中的信息 to the server module:
server{
Listen default_server;
Listen [::]:80 default_server;
root/usr/share/nginx/html;
##################### the Web Server certer ################
server_name Localhsot;
Listen 443;
SSL on;
SSL_CERTIFICATE/ETC/NGINX/CERT/CERT.CRT;
Ssl_certificate_key/etc/nginx/cert/server.key;
############################################################
# Load configuration files for the default server block.
include/etc/nginx/default.d/*.conf;
}
Third, test:
1. Restart Nginx Service:
# Server Nginx Restart
2. Access using the browser
Https://YouDomainName
Report:
The following are some of the issues and workarounds that you may encounter during this process:
Q1
Error message when starting Nginx:
# Service Nginx Restart
Nginx: [Emerg] Pem_read_bio_x509_aux ("/ETC/NGINX/CERT/CERTREQ.CSR") failed (Ssl:error:0906d06c:pem routines:PEM_ Read_bio:no start Line:Expecting:TRUSTED CERTIFICATE)
Nginx:configuration file/etc/nginx/nginx.conf Test Failed
Workaround:
# OpenSSL x509-req-days 365-in certreq.csr-signkey server.key-out certreq.crt
# vim/etc/nginx/conf.d/default.conf
##### confirm that the following information is correct, pay special attention to the two certificate name # # #
SSL_CERTIFICATE/ETC/NGINX/CERT/CERT.CRT;
Ssl_certificate_key/etc/nginx/cert/server.key;
At this point Nginx HTTPS service has been fully deployed, if there is a problem, please reply message! Thank you!
This article is from the "Elephant" blog, make sure to keep this source http://zlyang.blog.51cto.com/1196234/1890677
Nginx uses SSL module to configure HTTPS service