Notes from configuring SSL on nginx with a self-signed certificate
Environment
- VirtualBox 4.3
- ubuntu 14.04
- nginx 1.6.2
Creating the self-signed certificate
$ cd ~/
$ openssl genrsa 2048 > server.key
$ openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Note: I skipped every prompt by pressing Enter.
$ openssl x509 -days 3650 -req -signkey server.key < server.csr > server.crt
Note: to save hassle, I set the validity period to 10 years.
$ sudo mv server.* /etc/nginx/conf.d/
Note: the destination directory is up to you.
$ cd /etc/nginx/conf.d/
$ sudo chown root:root server.*
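Added example (not part of the original memo): a non-interactive variant of the steps above that gives the certificate a Common Name and subjectAltName instead of leaving every field blank, and creates the key with mode 600, since a key written through a shell redirect keeps the umask default mode after `mv` and `chown`. It also checks that the key and certificate belong together. The function names, the `localhost` host name and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example, not the memo's own commands. Function names, host name
# and output directory are assumptions chosen for illustration.
make_selfsigned() {   # usage: make_selfsigned DIR HOST
    dir=$1; host=$2
    cnf=$(mktemp) || return 1
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    # umask 077 inside the subshell: the key is never group/world-readable
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -config "$cnf" -keyout "$dir/server.key" -out "$dir/server.crt" ) 2>/dev/null
    rc=$?
    rm -f "$cnf"
    return $rc
}

# Succeeds only if the certificate carries the public key of this private key
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Octal permission bits of a file (GNU stat, as shipped with Ubuntu)
key_mode() { stat -c '%a' "$1"; }

# Demo run in a throwaway directory
tmp=$(mktemp -d)
make_selfsigned "$tmp" localhost \
    && key_matches_cert "$tmp/server.key" "$tmp/server.crt" \
    && echo "key/cert match, key mode $(key_mode "$tmp/server.key")"
rm -rf "$tmp"
```

Running `key_matches_cert` against the files in /etc/nginx/conf.d before restarting nginx catches a mismatched pair, which nginx otherwise reports only as a key values mismatch error at startup.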
nginx configuration
default.conf
$ cd /etc/nginx/conf.d
$ vim default.conf
---
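server {
    # Accept TLS on port 443; the "ssl" flag on listen already enables SSL
    listen 443 default ssl;
    ssl on;
    # Self-signed certificate and private key created above
    ssl_certificate /etc/nginx/conf.d/server.crt;
    ssl_certificate_key /etc/nginx/conf.d/server.key;
    server_name localhost;
    # ... rest of the existing server block unchanged ...
}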
---
$ sudo /etc/init.d/nginx configtest
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Verification
$ sudo /etc/init.d/nginx start
Check in a browser at "https://localhost~".
Note: in a Windows + VirtualBox + Ubuntu environment, a port-forwarding rule for port 443 is required.
See "virtualbox + ubuntu tips" for reference.