test.imdst.com. key Without Password Key test.imdst.com. origin. key with Password KeyIi. Configure ssl verification for nginx
Send test.imdst.com. crt to the browser for verification, and then use test.imdst.com. key to decrypt the data sent by the browser.
Nginx server {} Configuration
server { listen 443
Introduction: This is a detailed page for compiling and installing nginx, PHP 11.04, MySQL, MongoDB, memcached, SSL, and SMTP in Ubuntu 5.3. It introduces the knowledge, skills, and experience related to PhP, and some PHP source code.
Class = 'pingjiaf' frameborder = '0' src = 'HTTP: // biancheng.dnbc?info/pingjia.php? Id = 339660 'rolling = 'no'>Manually compile and install
First, make sure OpenSSL and Openssl-devel are installed on the machine.
#yum Install OpenSSL#yum Install Openssl-devel
And then you issue the certificate to yourself.
#cd/usr/local/nginx/conf#openssl Genrsa-des3-out Server.key 1024#openssl Req-new-key server.key-out SERVER.CSR#openssl rsa-in server.key-out Server_nopwd.key#openssl x509-req-days 365-in server.csr-signkey server_nopwd.key-out server.crt
Now that the certificate has been generated,
Transferred from: http://feitianbenyue.iteye.com/blog/2056357Recently in a project, the structure of the use of Nginx +tomcat cluster, and nginx configuration of Ssl,tomcat no SSL, the project uses the HTTPS protocolHowever, obviously is the HTTPS URL request, found log inside,XML code
0428 15:55:55 INFO (paymentin
URL of the SSL certificate requested: https://www.pianyissl.com/Because it is a test, select free to tryThere will be a compressed package after the application.There is a Nginx folder, put the followingServer.keyServer.pemThese two files are uploaded to the server.In this I'm moving these two files into the/usr/local/nginx/conf directoryParameters are required f
Share how I am configuring SSL on the Nginx step by step.First, make sure that the OpenSSL library is installed and that the –with-http_ssl_module parameters are used when installing Nginx.
Beginners or novices recommend using LNMP for one-click installation.
To generate a certificate:Enter the directory where you want to generate the certificateCd/usr/local/
Recently in a project, the use of enterprise, the structure of the use of Nginx +tomcat cluster, and Nginx configuration Ssl,tomcat no SSL, the project uses the HTTPS protocol, but in the debugging menu related functions found error, error information as follows:After debugging the code inside the Dofilter, found that:
The SSL module is not installed by default, and if you want to use the module, you will need to specify the –with-http_ssl_module parameter at compile time, and the installation module relies on the OpenSSL library and some reference files, usually not in the same package. Usually this file name is similar to Libssl-dev.Generate certificateYou can generate a simple certificate by using the following steps:First, go to the directory where you want to c
server {Listen 443;server_name hsggj.docker.com;The address you define yourself;SSL on;SSL_CERTIFICATE/ETC/NGINX/SSL/NGINX.CRT;The location of the CRT; ssl_certificate_key/etc/nginx/ssl/nginx.key; where key is located;}If the certificate will not be demonstrated, my blog has
https://mozilla.github.io/server-side-tls/ssl-config-generator/
Https://github.com/mozilla/server-side-tls
Different enhanced SSL config is generated based on different server versions. See Configuration is disabled SSLv3, enabled enhanced encryption algorithm and added HSTS feature support.
Mozilla's Server Side TLS guidelines has a detailed description of the configuration.
The following is an example of
The company used a free STARTSSL certificate, I heard that iOS do not trust these free verification of the non-strict certificate, the company decisively purchased a wildcard domain name certificate, in fact, do not seem to have nothing to do, mainly to submit the app when you have to explain the reason, the possibility of rejection is relatively large.Before replacing the certificate, think about keeping the original free certificate, and then use the new domain name to do the test. Result the
Nginx + SSL Optimized configuration:1 #http段添加如下配置项:2 3 http {4 5 ssl_prefer_server_ciphers on; #设置协商加密算法时, priority is given to the encryption suite on our service side, not the client browser's encryption suite. 6Ssl_protocols TLSv1 TLSv1.1TLSv1.2; #协议安全设置7Ssl_ciphers all:!kedh! adh:rc4+rsa:+high:+medium:+low:+sslv2:+EXP; #加密套件 Ssl_ciphers Select the encryption suite, the packages (and the order)
Free public certificate can be obtained from the startcom website, url: https://startssl.com/, register an account, and then press Certificates Wizard steps to fill in the information
The next step is to fill in the CSR certificate information, you can download the Red Arrows at the StartComTool.exe generation, the production of CSR certificates will also generate a. Key's private key file, which is later used when configuring the Nginx certificate.
First to apply for SSL certificate, recommended to Vauton, Tencent Cloud, Aliyun to apply for a free SSL certificate, convenient not to say, important is through the major browser verification.
Nginx configuration, configure the following items in server:
Listen 443; server_name www.daixh.com; #修改成你的域名, To be consistent with the requested certificate domain
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.