Simple full-site HTTPS practice, full-site https

Source: Internet
Author: User
Tags openssl library ssl certificate

Simple full-site HTTPS practice, full-site https
First milestone: Creating httpsCertificate

1 [root @ web01 backup] # openssl req-new-x509-nodes-out server. crt-keyout server. key 2 3 Generating a 2048 bit RSA private key 4 ............................. ......................... ++ 5 ................................... ++ 6 7 writing new private key to 'server. key '8 ----- 9 You are about to be asked to enter information that will be inmo-ated10 into your certificate request.11 What you are about to enter is what is called a Distinguished Name or a DN.12 There are quite a few fields but you can leave some blank13 For some fields there will be a default value, 14 If you enter '. ', the field will be left blank.15 ----- 16 Country Name (2 letter code) [XX]: CH # Country Name 17 State or Province name (full Name) []: bj # province 18 Locality Name (eg, city) [Default City]: bj # city 19 Organization Name (eg, company) [Default Company Ltd]: ZNIX # organization Name 20 Organizational Unit Name (eg, section) []: ZNIX # organization name 21 Common Name (eg, your Name or your server's hostname) []: ZNIX # server name 22 Email Address []: ADMIN@ZNIX.TOP # mailbox

View the generated Certificate

1 [root @ web01 backup] # ls2 server. crt server. key3 4 generated key file 5 [root @ web01 backup] # ll6 total 87-rw-r -- 1 root 1375 Nov 6 server. crt8-rw-r -- 1 root 1704 Nov 6 server. key

OpensslParameter description

Parameters

Parameter description

Req

PKCS #10 X.509 Certificate Signing Request (CSR) Management.

PKCS #10 X.509 Certificate Signing Request (CSR) management.

X509

X.509 Certificate Data Management.

X.509 certificate data management.

Second milestone: Modify nginxConfiguration File

 1 [root@web01 ~]# cat  /application/nginx/conf/extra/www.conf 2 server { 3     listen       443 ssl; 4     server_name  www.etiantian.org; 5     ssl_certificate      /application/nginx/key/server.crt; 6     ssl_certificate_key  /application/nginx/key/server.key; 7     ssl_session_cache    shared:SSL:1m; 8     ssl_session_timeout  5m; 9     ssl_ciphers  HIGH:!aNULL:!MD5;10     ssl_prefer_server_ciphers  on;    11 12     location / {13         root   html/www;14         index  index.php ;15     }16     location ~* .*\.(php|php5)?$ {17                 root html/www;18                 fastcgi_pass  127.0.0.1:9000;19                 fastcgi_index index.php;20                 include fastcgi.conf;21     }22     access_log  logs/access_www.log  main;23 }

Module parameter description

Module name

Description

Ssl_prefer_server_ciphers

Specify that the server password takes precedence over the client password when SSLv3 and TLS protocols are used.

Ssl_ciphers

Specify the enabled password. The password is specified in the format understood by the OpenSSL library.

Ssl_session_timeout

Specifies the time when the client can reuse session parameters.

Ssl_session_cache

Set the cache type and size for storing session parameters.

Ssl_certificate

Specifies that the file has a PEM format certificate for the given virtual server. If you want to specify intermediate certificates in addition to the primary certificate, specify them in the same file in the following order: the primary certificate is the intermediate certificate first, and then the intermediate certificate. PEM-format keys can be stored in the same file.

Ssl_certificate_key

Specifies the secret key in the PEM format of the virtual server given by file.

1.1.2 Client Access

1) browser access https://www.etiantian.org

 

2) Select advanced,ContinueWww.etiantian.org(Insecure)Because the ssl certificate is produced by itself, this problem may occur.

 

3) Website access is normal.

 

For this small green lock ssl, You need to purchase an ssl certificate.

 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.