Linux uses openssl to generate SSL certificate for nginx to use the basic tutorial

First execute the following command to generate a 4096-bit key
openssl genrsa -des3 -out hupohost.key 4096 Then he will ask you to enter the password for this key file. Input is not recommended. Because I will use it for nginx in the future. You must verify this PAM password each time you reload the nginx configuration.

The password must be entered when it is generated. You can delete and delete
mv ssl.key xxx.keyopenssl rsa -in xxx.key -out hupohost.keyrm -rm xxx.key

Then generate a certificate request file based on this key file
openssl req -new -key hupohost.key -out hupohost.csr When the above command is generated, you have to fill in a lot of things and look at it one by one (can be casual, after all, this is a certificate generated by yourself)

According to this 2 files generate crt certificate file
openssl x509 -req -days 3650 -in hupohost.csr -signkey hupohost.key -out hupohost.crt Here 3650 is the certificate validity period recommended 3650 haha. This is everyone's free. The last files used are the key and crt files.

If you need to use pfx you can use the following command to generate openssl pkcs12 -export -inkey hupohost.key -in hupohost.crt -out hupohost.pfx

in the server that needs to use the certificate nginx configuration file Add the following configuration to the node
ssl on;ssl_certificate /home/hupohost.crt;ssl_certificate_key /home/hupohost.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56 :RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; then restart nginx and you're done

The most important thing is that access is https access
server{ Listen 443;ssl on;ssl_certificate /usr/local/nginx/conf/vhost/ssl/hupohost.crt;ssl_certificate_key /usr/local/nginx/conf/vhost/ssl/hupohos.key;}Port must be port 443