Generate certificate
you can generate a simple certificate by using the following steps:
First, enter the directory where you want to create the certificate and private key, for example:
$ cd/usr/local/nginx/conf
Create the server private key, the command will let you enter a password:
$ OpenSSL genrsa-des3-out server.key 1024
To create a certificate (CSR) for a signing request:
$ OpenSSL req-new-key server.key-out SERVER.CSR
Remove the required password when loading SSL-supported Nginx and using the private key above:
$ CP server.key server.key.org
$ openssl rsa-in server.key.org-out Server.key
Enable an SSL virtual host
Write in the nginx.conf configuration file:
server {
listen 443;
server_name example.com;
root/apps/www;
Index index.html index.htm;
SSL on;
SSL_CERTIFICATE/ETC/NGINX/SSL/NGINX.CRT;
Ssl_certificate_key/etc/nginx/ssl/nginx.key;
# Ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# Ssl_ciphers all:! Adh:! Export56:rc4+rsa:+high:+medium:+low:+sslv2:+exp;
# ssl_prefer_server_ciphers on;
}
Where ssl_certificate represents the CA file, Ssl_certificate_key represents the key file.
If you want to force HTTP requests to be transferred to HTTPS, you can do this:
server {
listen ;
server_name example.me;
return https://$server _name$request_uri;
}