Skip to content

Config nginx to support SSL/TLS on CentOS 6.7

1. install requirement package

yum install openssl openssl-devel

2. config ssl module

./configure –with-http_ssl_module

3. modify nginx config file

1、取得受信任机构颁发的证书

包括:

private.key      私钥
certificate.crt  网站证书
ca_bundle.crt    颁发机构证书

存放到/usr/local/nginx/conf目录下

2、修改/usr/local/nginx/conf/nginx.conf配置文件

server {
        listen       443 ssl;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/certificate.crt;
        ssl_certificate_key /usr/local/nginx/conf/private.key;
}

附录:服务器自签证书方法

创建服务器私钥,命令会让你输入一个口令;

创建签名请求的证书(CSR)

在加载SSL支持的Nginx并使用上述私钥时除去必须的口令

cd /usr/local/nginx/conf
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server_nopwd.key
openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt