One. Nginx installation of SSL certificate requires
Two configuration Files
1_ROOT_BUNDLE.CRT , 2_domainname.com.key.
Note: These three certificate files are in folder for Nginx.zip, example:1_root_bundle.crt is the root certificate chain (public key), 2_ Domainname.com.key
Request a free HTTPS certificate https://login.wosign.com/reg.html
First check if Nginx has installed Http_ssl_module, I this is installed HTTPS module, if not this module requires Nginx smooth upgrade to add SSL to implement the station HTTPS.
can refer to http://www.open-open.com/lib/view/open1451624143370.html
Succ
Add Comodo SSL Certificate for Nginx
Install Nginx First, install Nginx on your Linux distribution, or refer to Nginx's official installation tutorials.
1. Merge the obtained certificates according to the contents of the obtained SSL
Because the SSL certificate expires, so want to re-get one, here see Wosign digital certificate and then tried. It's like it's really possible. But to register an account to have a one-year term certificate, but also good.650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/6E/94/wKiom1V_91fTZp2LAAO2i0Lq-qQ293.jp
WIN64 using OpenSSL to generate an SSL certificateDownload OpenSSL http://slproweb.com/products/Win32OpenSSL.htmlGenerate the server-side private key (key file):OpenSSL genrsa-des3-out Root.key 1024Enter your password 123456Request to establish a certificate application file ROOT.CSR:OpenSSL req-new-key root.key-out root.csr-config openssl.cfgCreate a 10-year roo
Because of business needs, you need to migrate an HTTPS site under the original IIS to the Nginx front-end reverse proxy architecture.The specific steps are:
Export the certificate on the Windows server where IIS resides.1) "Start"---> "Run"---> MMC2) "Add"---> "certificates"---> Add3) Select "Computer Account"--->next4) Select "Local Computer"--->ok5) "Close"---> "OK"6) Expand Certificates---> Personal
-genkey means using Keytool to generate key;-alias Client (alias)-keypass 12345678 (alias password, temporarily not found what use)-keyalg RSA (algorithm)-keysize 2048 (key length)-validity 365 (validity, days units)-keystore./client.keystore (Specify the location and certificate name of the generated certificate)-storepass 87654321 (Get the KeyStore info passwor
All HTTP requests in the recent project have to be upgraded to HTTPS, and an SSL certificate with an Nginx configuration is practiced.
Since our certificate is issued by the company, the experience of applying for a certificate is omitted, and the application for free
Nginx support for multiple domain name SSL certificate is required OpenSSL library support, centos5.x OpenSSL library itself does not support this feature, the need to download the compilation, the following steps
wget https://www.openssl.org/source/old/0.9.x/openssl-0.9.8zh.tar.gzTar zxvf./openssl-0.9.8zh.tar.gzCD./openssl-0.9.8zh./config Enable-tlsextMakeMak
redirectoff;} error_page500502503504/50/50.html; NBSP;NBSP;NBSP;NBSP;NBSP;LOCATIONNBSP;~NBSP;/50 (/.*) { roothtml;}}}The most critical of these are the two configurations of Ssl_certificate and Ssl_certificate_key, while others are configured as normal. But one more proxy_set_header x-forwarded-proto https; Configuration.Tomcat-side configuration Server.xmlmust haveproxyport= "443", this is the key to the whole article, of course redirectport must also be 443. Alsothe configuration of the nodes
URL of the SSL certificate requested: https://www.pianyissl.com/Because it is a test, select free to tryThere will be a compressed package after the application.There is a Nginx folder, put the followingServer.keyServer.pemThese two files are uploaded to the server.In this I'm moving these two files into the/usr/local/nginx
The code is as follows
Copy Code
OpenSSL x509-req-days 3650-in hupohost.csr-signkey hupohost.key-out hupohost.crt
Here 3650 is the certificate validity period recommendation 3650 haha. This is random. The last file to use is key and CRT files.If you need to use a PFX you can use the following command to generate
The code is as follows
Copy Code
1. Download let ' s encrypt2. Generate the key, call before you need to stop NginxCertbot certonly--standalone-d www. domain name 1.com-d www. domain name 2.comThe build succeeds with the following promptsIMPORTANT NOTES:-congratulations! Your certificate and chain has been saved at/etc/letsencrypt/live/"Here is your domain name"/FULLCHAIN.PEM. Your cert would expire on "here is the expiry time". To obt
Create a server private key, and the command will let you enter a password:
$ OpenSSL genrsa-des3-out server.key 1024
Create a certificate (CSR) for the signing request:
$ OpenSSL req-new-key server.key-out SERVER.CSR
Remove the required password when loading SSL-supported Nginx and using the above private key:
$ CP Server.key
Original address: http://www.lamppr.com/node/648
Generate a certificate using OpenSSL
1. How to generate RSA keys
OpenSSL genrsa-des3-out Privkey.pem 2048
This command generates a 2048-bit key with a password that is encrypted by the Des3 method, and if you do not want to enter the password every time, you can change it to:
OpenSSL genrsa-out Privkey.pem 20
following page is displayed:
To create a root certificate, select a self-authenticated certificate with serial number 1, select SHA 256 as the signature algorithm, select the default CA as the certificate template, and then click Apply all (this cannot be missed) as follows:
Switch to the Subject Page and fill in all fields.
Click
certificate compression package we obtained has 3 files, namely CERTIFICATE.CRT, CA_BUNDLE.CRT, and Private.key. Because Chiang is ready to deploy the site is Nginx environment set up, here I only use Nginx deployment process records, in fact, if we use what environment is not important, such as the virtual host Cpanel panel deployment is also very simple, after
With Xca (X Certificate and Key Management) Visual Project Manager SSL Certificate series articles (2) and (3). We learned how to generate a certificate with XCA (X Certificate and Key Management), how you have generated your own
documentscacert.pemIt should be generated in/etc/pki/CA.1.4 generate an ssl Key for our nginx web Server
All the preceding operations are performed on the CA server and only need to be performed once. Now, the operation is transferred to the nginx server for execution:
12
# cd /etc/
, and other files.
Req:this subcommand Specifies that we want to use the certificate signing request (CSR) management. The "infrastructure" is a public key, which is SSL and TLS adheres-to-its key and certificate management. We want to create a new-cert, so we is using this subcommand.
-x509:this further modifies the previous subcommand by telling the utility
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.