2024-07-06
한어Русский языкEnglishFrançaisIndonesianSanskrit日本語DeutschPortuguêsΕλληνικάespañolItalianoSuomalainenLatina
mkdir all_https_ssl
cd all_https_ssl
Generate a key with a custom length, such as 2048 (to prevent some applications from requiring the key length to be too short)
openssl genrsa -out key.pem 2048
Use the private key to generate a certificate request (the CSR certificate request is used to send it to the visa company to generate a certificate)
openssl req -new -key key.pem -out csr.pem
Then you will be asked to enter your signature information.
Note: You can fill in CN for the country, and do not fill in the other fields. Do not fill in the password. Press Enter to jump to the end.
Use CSR certificate request to sign (sign by yourself, no need to issue the certificate company, sign for 30 years)
openssl x509 -req -in csr.pem -out cert.pem -signkey key.pem -days 9650
Configure the certificate key and cert to the ssl of port 443 of nginx (nginx's https must be configured with ssl_certificate)
server {
listen 443;
server_name your-domain.com;
ssl on;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;
}
I have devoted myself to the research of technology for more than 30 years. I am proficient in various languages such as Java, Linux, JavaScript, PHP, CSS, etc. I have made many contributions in the field of open source. I have established a developer documentation site to share some problems in technology development for everyone to read.
