Simple full-site HTTPS practice, full-site https

Simple full-site HTTPS practice, full-site https
First milestone: Creating httpsCertificate

1 [root @ web01 backup] # openssl req-new-x509-nodes-out server. crt-keyout server. key 2 3 Generating a 2048 bit RSA private key 4 ............................. ......................... ++ 5 ................................... ++ 6 7 writing new private key to 'server. key '8 ----- 9 You are about to be asked to enter information that will be inmo-ated10 into your certificate request.11 What you are about to enter is what is called a Distinguished Name or a DN.12 There are quite a few fields but you can leave some blank13 For some fields there will be a default value, 14 If you enter '. ', the field will be left blank.15 ----- 16 Country Name (2 letter code) [XX]: CH # Country Name 17 State or Province name (full Name) []: bj # province 18 Locality Name (eg, city) [Default City]: bj # city 19 Organization Name (eg, company) [Default Company Ltd]: ZNIX # organization Name 20 Organizational Unit Name (eg, section) []: ZNIX # organization name 21 Common Name (eg, your Name or your server's hostname) []: ZNIX # server name 22 Email Address []: ADMIN@ZNIX.TOP # mailbox

View the generated Certificate

1 [root @ web01 backup] # ls2 server. crt server. key3 4 generated key file 5 [root @ web01 backup] # ll6 total 87-rw-r -- 1 root 1375 Nov 6 server. crt8-rw-r -- 1 root 1704 Nov 6 server. key

OpensslParameter description

Parameters	Parameter description
Req	PKCS #10 X.509 Certificate Signing Request (CSR) Management. PKCS #10 X.509 Certificate Signing Request (CSR) management.
X509	X.509 Certificate Data Management. X.509 certificate data management.

Second milestone: Modify nginxConfiguration File

 1 [root@web01 ~]# cat  /application/nginx/conf/extra/www.conf 2 server { 3     listen       443 ssl; 4     server_name  www.etiantian.org; 5     ssl_certificate      /application/nginx/key/server.crt; 6     ssl_certificate_key  /application/nginx/key/server.key; 7     ssl_session_cache    shared:SSL:1m; 8     ssl_session_timeout  5m; 9     ssl_ciphers  HIGH:!aNULL:!MD5;10     ssl_prefer_server_ciphers  on;    11 12     location / {13         root   html/www;14         index  index.php ;15     }16     location ~* .*\.(php|php5)?$ {17                 root html/www;18                 fastcgi_pass  127.0.0.1:9000;19                 fastcgi_index index.php;20                 include fastcgi.conf;21     }22     access_log  logs/access_www.log  main;23 }

Module parameter description

Module name	Description
Ssl_prefer_server_ciphers	Specify that the server password takes precedence over the client password when SSLv3 and TLS protocols are used.
Ssl_ciphers	Specify the enabled password. The password is specified in the format understood by the OpenSSL library.
Ssl_session_timeout	Specifies the time when the client can reuse session parameters.
Ssl_session_cache	Set the cache type and size for storing session parameters.
Ssl_certificate	Specifies that the file has a PEM format certificate for the given virtual server. If you want to specify intermediate certificates in addition to the primary certificate, specify them in the same file in the following order: the primary certificate is the intermediate certificate first, and then the intermediate certificate. PEM-format keys can be stored in the same file.
Ssl_certificate_key	Specifies the secret key in the PEM format of the virtual server given by file.

1.1.2 Client Access

1) browser access https://www.etiantian.org

 

2) Select advanced,ContinueWww.etiantian.org(Insecure)Because the ssl certificate is produced by itself, this problem may occur.

 

3) Website access is normal.

 

For this small green lock ssl, You need to purchase an ssl certificate.