How to configure HTTPS Server with Self-Signed Certificate on nginx

来自koorka知识分享
跳转至: 导航搜索
Generate a self-signed certification:
openssl req -new -x509 -sha256 -days 365 -nodes -out nginx.pem -keyout  nginx.key

Generate a Certificate Signing Request for a Commercial SSL Certificate

openssl req -new -days 365 -nodes -keyout example.com.key -out example.com.csr
You can provide the example.com.csr file to a commercial certificate provider for signing.

You will receive a signed certificate file after the CA signs the request. Save this file as example.com.crt.

Configure Nginx:

copy nginx.pem and nginx.key or example.com.key and example.com.crt to /etc/nginx

Use self-signed certification:
server {
    listen              443 ssl;
    server_name         yourdomain.com;
    keepalive_timeout   70;

    ssl_certificate     nginx.pem;
    ssl_certificate_key nginx.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}
use Commercial SSL Certificate:
server {
    listen              443 ssl;
    server_name         www.example.com;
    keepalive_timeout   70;

    ssl_certificate     example.com.crt;
    ssl_certificate_key example.com.key;;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ...
}