openssl 裝好後,開始我們實際的設定。
步驟ㄧ:到系統nginx 資料夾中建立ssl資料夾
$ mkdir /usr/local/etc/nginx/ssl
$ cd /usr/local/etc/nginx/ssl
步驟二:建立key
$ sudo openssl genrsa -des3 -out server.key 2048
建立時會出現下面訊息
Generating RSA private key, 2048 bit long modulus
......................................................+++
............................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
建立的時候要輸入私鑰,要打兩次,私鑰最好背起來!!
步驟三:建立憑證
$ sudo openssl req -new -key server.key -out server.csr
之後會要輸入組織資料,那個我就不列了
步驟四:為憑證簽章
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
-days 後面的天數就隨自己定吧~
步驟五:設定nginx上面的憑證
# HTTPS server
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/server.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;
}
步驟六:重開你的 nginx
結束~