Nginx Configuring SSL Basics Tutorial

Generating Certificates Using OpenSSL

1. Method of Generating RSA Keys

openssl genrsa -des3 -out privkey.pem 2048 This command will generate a 2048 bit The key, there is a password encrypted by the des3 method. If you don't want to enter the password every time, you can change it to: openssl genrsa -out privkey.pem 2048 suggests using a 2048-bit key, less than this may be unsafe or It will be insecure soon.

2, generate a certificate request openssl req -new -key privkey.pem -out cert.csr this command will generate a certificate request, of course, the previously generated key privkey.pem file will be used here Generate a new file cert.csr, a certificate request file that you can use to apply for a digital certificate from a digital certificate authority (CA). CA will give you a new file cacert.pem, that is your digital certificate.

If you are doing your own testing, then the applicant and the issuing authority of the certificate are all. You can use the following command to generate a certificate: openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 This command will generate a digital certificate cacert.pem

Configure nginx

server{listen 443;ssl on;ssl_certificate /var/www/sslkey/cacert.pem;ssl_certificate_key /var/www/sslkey/privkey.pem;server_name www.sklinux.com ;index index.html index.htm index.php;root /var/www/sklinux.com;}