OpenSSL generates an SSL certificate (HTTPS enabled)

One: Environment and installation instructions

Win7_64,nginx Server,OpenSSL_Win64. I use the Phpstudy integrated development environment, using nginx+php to support browser HTTPS requests.

Nginx:Http://nginx.org/en/download.html 
OpenSSL:Http://slproweb.com/products/Win32OpenSSL.html 
website Address:https://www.openssl.org/source/

II: Installation of OpenSSL and configuration

1> download after double-click Install, default installation path is C:\OpenSSL-Win64

2> configuration environment variables, here do not elaborate, skip.

Three: Generate an SSL certificate

1> First, either under Linux or in Cygwin under Windows, you must confirm that the OpenSSL package is installed before doing the following.

2> Create the root certificate key file Myopenssl.key, enter the following command: OpenSSL genrsa-des3-out myopenssl.key

This will prompt you to enter the password two times, please keep the password consistent two times

      Enter pass phrase for root.key:← input a new password  
      Verifying–enter pass phrase for root.key:← re-enter the password again

   3> Create the application file for the root certificate MYOPENSSL.CSR, enter the following command:  openssl req-new-key myopenssl . Key-out MYOPENSSL.CSR

      

The following is a hint message   

Enter pass phrase for root.key:← type the password you created earlier
You is about-to is asked to-enter information that'll be incorporated
into your certificate request.
What's about-to-enter is called a distinguished Name or a DN.
There is quite a few fields but can leave some blank
For some fields there would be a default value,
If you enter '. ', the field would be a left blank.
—–
Country Name (2 letter code) [au]:cn← Country Code, China input CN
State or province name (full name) [some-state]:beijing← Province, pinyin
Locality name (eg, city) [Full name of]:beijing←, pinyin
Organization name (eg, company) [Internet widgits Pty ltd]:mycompany corp.← Corporation English name
Organizational Unit Name (eg, section) []:← can not enter
Common name (eg, YOUR name) []:← not entered at this time
email address []:[email protected]← e-mail address, can be filled in freely

Please enter the following ' extra ' attributes
To is sent with your certificate request
A Challenge Password []:← can not enter
An optional company name []:← can not enter

4> Create a root certificate myopenssl.crt that lasts for 10 years from the current date, enter the following command: openssl x509-req-days 3650-sha1-extensions v3_ca-signkey myopenssl . key-in myopenssl . Csr-out myopenssl . CRT

     

      The following is a hint:

     enter Pass phrase for root.key:← Enter the password you created earlier

OpenSSL generates an SSL certificate (HTTPS enabled)