Using Nginx to build HTTPS server

Source: Internet
Author: User
Tags decrypt openssl rsa openssl x509

First, HTTPS introduction

HTTPS consists of two parts, HTTP plus SSL/TLS: it adds an encryption layer to HTTP. Everything transferred between the server and the client passes through TLS, so the transmitted data is encrypted.

First, the client establishes a connection with the server, and each side generates its own private key and public key; the two key pairs are different. The server returns its public key to the client. The client encrypts its request with that public key, producing the ciphertext, and sends it to the server together with the client's own public key. The server decrypts the ciphertext with its own private key, encrypts the response data with the client's public key, and returns it to the client. The client decrypts the response with its own private key and presents the data.

Second, generate certificates and private keys

Note: This only describes how to create a certificate yourself. A certificate created this way is not trusted by browsers. If you need to build a real HTTPS server, you need to buy a certificate.

① Create the directory in which the files will be stored and change into it. Generated files are normally placed in the nginx/conf/ssl directory: cd /usr/local/nginx/conf/ssl/

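② Create the server certificate key file server.key: openssl genrsa -des3 -out server.key 1024

A 1024-bit RSA key is below the 2048-bit minimum that public certificate authorities require, so use 2048 bits or more for anything other than a local test.

Note: Remember the pass phrase you enter; you will need it later.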

③ Create the request file for the server certificate, server.csr:

    # openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:    ← type the pass phrase you created earlier
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:cn    ← country code; for China enter CN
    State or Province Name (full name) []:Beijing    ← full name of the province, in pinyin
    Locality Name (eg, city) [Default City]:Beijing    ← full name of the city, in pinyin
    Organization Name (eg, company) [Default Company Ltd]:MyCompany Corp.    ← company name in English
    Organizational Unit Name (eg, section) []:    ← may be left blank
    Common Name (eg, your name or your server's hostname) []:    ← may be left blank
    Email Address []:1430156396@qq.com    ← e-mail address

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:    ← may be left blank
    An optional company name []:    ← may be left blank

④ Back up the server key file: cp server.key server.key.bak

⑤ Remove the pass phrase from the key file: openssl rsa -in server.key.bak -out server.key

⑥ Generate the certificate file server.crt: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
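Steps ② to ⑥ as one non-interactive script, with a check that the certificate and key really belong together before Nginx is pointed at them. This is an added example, not part of the original article. It assumes a 2048-bit key created without a pass phrase (the end state of step ⑤) and sets the Common Name to the hostname; the function names make_selfsigned and cert_matches_key are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# make_selfsigned DIR HOSTNAME
# Writes DIR/server.key, DIR/server.csr and DIR/server.crt without prompting.
make_selfsigned() {
    dir=$1; host=$2
    # The key is created unencrypted (what step 5 ends with), so keep it
    # readable by the owner only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -subj supplies the answers that step 3 types in interactively.
    # Assumption: the Common Name is set to the server's hostname.
    openssl req -new -key "$dir/server.key" \
        -subj "/C=CN/ST=Beijing/L=Beijing/O=MyCompany Corp./CN=$host" \
        -out "$dir/server.csr" || return 1
    # Step 6: self-sign the request with the same key, valid for 365 days.
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_matches_key CERT KEY
# Returns 0 if the certificate's public key belongs to the private key,
# 1 if it does not, 2 if either file cannot be read (for example a key
# that still has a pass phrase, which Nginx could not load unattended).
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" supplies an empty pass phrase so openssl never prompts.
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Usage:
#   make_selfsigned /usr/local/nginx/conf/ssl www.origal.cn
#   cert_matches_key /usr/local/nginx/conf/ssl/server.crt \
#                    /usr/local/nginx/conf/ssl/server.key && echo "pair OK"
```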

Third, configure Nginx

① Open the Nginx configuration file: vim /usr/local/nginx/conf/nginx.conf

② Add the HTTPS configuration to the configuration file so that Nginx supports HTTPS:

    server {
        listen 443 ssl;
        server_name www.origal.cn;  # domain or IP

        # Certificate and private key files; for the files generated
        # above these would be server.crt and server.key.
        ssl_certificate     /usr/local/nginx/conf/ssl/214324938610703.pem;
        ssl_certificate_key /usr/local/nginx/conf/ssl/214324938610703.key;

        # Session cache shared between worker processes
        ssl_session_cache   shared:SSL:1m;
        ssl_session_timeout 5m;

        # Strong ciphers only; no anonymous or MD5-based suites
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location / {
            root  html;
            index index.html index.htm;
        }
    }

③ is then accessed using HTTPS to access the
