
Configuring a self-signed certificate on Nginx

More than 5 years have passed since last update.

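I wanted to get SSL working for development for the time being, so these are my notes from setting it up.

Creating the certificate

Create a throwaway self-signed certificate.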

[root@nginx-test-1 nginx]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..+++
...................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:← enter any passphrase
Verifying - Enter pass phrase for server.key:← re-enter the same passphrase
[root@nginx-test-1 nginx]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:← enter the passphrase set above
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

-----↓ fill in the information with arbitrary values as well
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Shibuyaku
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nginx-test-1 nginx]# cp server.key server.key.org
[root@nginx-test-1 nginx]# openssl rsa -in server.key.org -out server.key ← remove the passphrase
Enter pass phrase for server.key.org:← enter the passphrase set above
writing RSA key
[root@nginx-test-1 nginx]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=JP/ST=Tokyo/L=Shibuyaku/O=Default Company Ltd
Getting Private key
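
A non-interactive equivalent of the session above, as an added example that is not part of the original article: it writes the unencrypted key directly (so no passphrase-stripping copy is needed), fills in the Common Name the session left blank plus a subjectAltName, and checks that certificate and key belong together. The function names, the hostname argument and the output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): dev-only self-signed cert.
# Function names, hostname and output directory are assumptions.

# make_dev_cert HOST DIR -> writes DIR/server.key and DIR/server.crt
make_dev_cert() (
    host="$1"; dir="$2"
    umask 077                       # files are created owner-only (subshell scope)
    cnf="$dir/openssl-dev.cnf"      # temporary request config, removed below
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # -nodes: key is written without a passphrase, as nginx needs to read it
    # unattended; -x509: emit a self-signed certificate instead of a CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null &&
    chmod 600 "$dir/server.key" &&
    chmod 644 "$dir/server.crt" &&
    rm -f "$cnf"
)

# cert_matches_key CRT KEY -> succeeds only if both carry the same public key
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_has_san CRT HOST -> succeeds if HOST is listed as a DNS subjectAltName
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -F -q "DNS:$2"
}
```

Running `cert_matches_key` before reloading nginx catches a mismatched certificate and key pair, which otherwise only shows up as a startup error.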

nginx.conf configuration

Point Nginx at the key and certificate created above.

nginx.conf
# ... (omitted) ...
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
        # ... (omitted) ...
    }

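After restarting Nginx, SSL connections work on port 443.
※ A security warning will appear, but since this is for development, I'm not going to worry about it.

Simple to set up, isn't it?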
