More than 5 years have passed since last update.

俺俺証明書をnginxに配置

Posted at 2018-05-23

opensslのバージョンを調べる

[root@localhost nginx]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

最新を入れる

[root@localhost nginx]# sudo yum install openssl openssl-devel openssl-libs
[root@localhost nginx]# yum clean all
[root@localhost nginx]# sudo yum update openssl openssl-devel openssl-libs

key,pemを作成

[root@localhost nginx]# sudo mkdir /etc/nginx/ssl
[root@localhost nginx]# cd /etc/nginx/ssl/
[root@localhost nginx]# sudo openssl req -new -x509 -sha256 -newkey rsa:2048 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key

パスワードを聞かれたら適当に入力しましょう。
- 「nginx.key」が暗号化鍵、
- 「nginx.pem」が自己署名証明書
暗号化鍵・自己署名証明書のアクセス権限設定

[root@localhost nginx]# sudo chown root:root -R /etc/nginx/ssl/
[root@localhost nginx]# sudo chmod 600 /etc/nginx/ssl/*
[root@localhost nginx]# sudo chmod 700 /etc/nginx/ssl

conf/default.conf

server {
  # ...
  listen 443 ssl;
  server_name secure.example.com;

  # 自己署名証明書
  ssl_certificate /etc/nginx/ssl/nginx.pem;
  # 暗号化鍵
  ssl_certificate_key /etc/nginx/ssl/nginx.key;
  # もしパスワードを入力したら追加（今回は省略）
  # ssl_password_file /etc/nginx/ssl/cert.password;
  # ...
}

設定が完了したらnginxを再起動します。

sudo /etc/init.d/nginx restart

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up