当前位置:网站首页>SSL certificate deployment

SSL certificate deployment

2022-07-07 03:32:00 Not bald

When we finish applying SSL After certificate , Also need to nginx Make the relevant configuration , Can be converted to a secure connection .

Download the certificate file to the server

  1. First , Go to the server console , Download to local certificate .

![image.png](https://img-blog.csdnimg.cn/img_convert/920be43a932d4224c7205550eec92239.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=653&id=uf7b16ae7&margin=[object Object]&name=image.png&originHeight=653&originWidth=1755&originalType=binary&ratio=1&rotation=0&showTitle=false&size=77083&status=done&style=shadow&taskId=ub9c83b1f-921d-459b-93e1-ed300e0188d&title=&width=1755)
![image.png](https://img-blog.csdnimg.cn/img_convert/cadf3c7f55866c1f2511ce0ca546faae.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=436&id=u68f60a67&margin=[object Object]&name=image.png&originHeight=808&originWidth=689&originalType=binary&ratio=1&rotation=0&showTitle=false&size=49967&status=done&style=shadow&taskId=u7d711b29-ea4a-4b4f-9597-1a61cd72c9f&title=&width=372)
After the above screenshot operation , We can download the certificate locally .
After decompression, as shown in the figure :
![image.png](https://img-blog.csdnimg.cn/img_convert/cddafa2a49e6928cfd21f872533eab18.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=193&id=uc2957425&margin=[object Object]&name=image.png&originHeight=193&originWidth=631&originalType=binary&ratio=1&rotation=0&showTitle=false&size=14259&status=done&style=shadow&taskId=ue4942528-259b-4043-b01f-41c32823eec&title=&width=631)
among :
.key The end file is the key file .
.pem The end file is the certificate file .
We need to upload these two files to the server .

  1. Upload the local certificate to the specified directory of the server

I upload it here to /usr/local/nginx/cert/ Under the table of contents .
After uploading, see the figure :
![image.png](https://img-blog.csdnimg.cn/img_convert/c1dcda6f1918b76cd4cdfcf8725a8dc9.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=38&id=u13b89c33&margin=[object Object]&name=image.png&originHeight=38&originWidth=341&originalType=binary&ratio=1&rotation=0&showTitle=false&size=3787&status=done&style=shadow&taskId=u7574af12-50b2-48ba-a9e7-9bfa40409a9&title=&width=341)
It contains our The key file and Certificate file
Okay . So we upload the certificate to the server .

To configure nginx.conf

We also need to configure nginx.conf File to validate the certificate file .
add to server modular .
Add modules to the configuration file server modular .
commonly , The default configuration file has these contents , It's just commented out . Let's just let go .
however , Also need to change something . The following tips have been given .

server {
        listen       443 ssl;
        server_name  localhost;
        #  The following path is the absolute path of the file you uploaded in the previous step .
        #  If you don't write the absolute path, you will report an error 
        ssl_certificate      /usr/local/nginx/cert/xxxxxxxx_bundle.pem;
        ssl_certificate_key  /usr/local/nginx/cert/xxxxxxxx.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   html;
            index  index.html index.htm;
        }
    }

nginx add to ssl modular

  1. Check which modules we currently have installed 
/usr/local/ngxin/sbin/nginx -V

Display information :

nginx version: nginx/1.12.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
configure arguments:

configure arguments The module installed for us . You can see that it is not installed ssl modular .
If you contain ngx_http_ssl_module, Then you can skip the step of adding modules .

  1. Get into nginx Installation directory

Be careful : No /usr/local/nginx/
My installation directory is :/usr/local/nginx-1.20.2
It contains configure file .
![image.png](https://img-blog.csdnimg.cn/img_convert/3a67918ffa43dd65b6b4e5e2f9216ce2.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=42&id=u3a556d7f&margin=[object Object]&name=image.png&originHeight=42&originWidth=822&originalType=binary&ratio=1&rotation=0&showTitle=false&size=9186&status=done&style=shadow&taskId=ucafb2ed0-6e93-4760-9814-966ec8dd558&title=&width=822)
Under the installation directory, enter :

  • ./configure --prefix=/usr/local/nginx
  • ./configure --with-http_ssl_module
  • make
  • make install
  1. Backup nginx. And then compile the nginx Replace the original nginx.
  • cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx.bak
  • cp ./objs/nginx /usr/local/nginx/sbin/

restart nginx And test the

restart :

  • /usr/local/nginx/sbin/nginx -s reload

test :
Viewer input https:// domain name
![image.png](https://img-blog.csdnimg.cn/img_convert/1c13d92f4268580e8b54d1b5e1486784.png#clientId=ud0ca9c0e-c348-4&crop=0&crop=0&crop=1&crop=1&from=paste&height=221&id=u63b81f78&margin=[object Object]&name=image.png&originHeight=221&originWidth=370&originalType=binary&ratio=1&rotation=0&showTitle=false&size=31819&status=done&style=shadow&taskId=u305a2b6c-8d6e-4477-aefa-38faefc4d96&title=&width=370)
The connection is secure , success .

原网站

版权声明
本文为[Not bald]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/188/202207062021422923.html

边栏推荐

猜你喜欢

随机推荐