How to configure HTTPS Server with Self-Signed Certificate on nginx

来自koorka知识分享
跳到导航 跳到搜索
可打印版不再被支持且可能有渲染错误。请更新您的浏览器书签并改用浏览器默认的打印功能。

Generate a self-signed certification:

openssl req -new -x509 -sha256 -days 365 -nodes -out nginx.pem -keyout  nginx.key

Generate a Certificate Signing Request for a Commercial SSL Certificate

openssl req -new -days 365 -nodes -keyout example.com.key -out example.com.csr

You can provide the example.com.csr file to a commercial certificate provider for signing.

You will receive a signed certificate file after the CA signs the request. Save this file as example.com.crt.

Configure Nginx:

copy nginx.pem and nginx.key or example.com.key and example.com.crt to /etc/nginx

Use self-signed certification:

server {
    listen              443 ssl;
    server_name         yourdomain.com;
    keepalive_timeout   70;

    ssl_certificate     nginx.pem;
    ssl_certificate_key nginx.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}

use Commercial SSL Certificate:

server {
    listen              443 ssl;
    server_name         www.example.com;
    keepalive_timeout   70;

    ssl_certificate     example.com.crt;
    ssl_certificate_key example.com.key;;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}