59
65

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

Nginxにオレオレ証明書を設定する

Last updated at Posted at 2014-11-20

とりあえず開発用にSSLを通したかったので、その設定をした時のメモ書きです。

証明書作成

適当にオレオレ証明書作ります。

[root@nginx-test-1 nginx]# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
..+++
...................................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:←適当なパスフレーズ入れる
Verifying - Enter pass phrase for server.key:←上記のパスフレーズを再入力
[root@nginx-test-1 nginx]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:←先ほど設定したパスフレーズ入れる
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

-----↓情報も適当に入れておく
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Shibuyaku
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nginx-test-1 nginx]# cp server.key server.key.org
[root@nginx-test-1 nginx]# openssl rsa -in server.key.org -out server.key ←パスフレーズを解除する
Enter pass phrase for server.key.org:←先ほど設定したパスフレーズ入れる
writing RSA key
[root@nginx-test-1 nginx]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=JP/ST=Tokyo/L=Shibuyaku/O=Default Company Ltd
Getting Private key

nginx.confの設定

先程作成した鍵をNginxに設定します。

nginx.conf
中略...
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/server.crt;
        ssl_certificate_key /etc/nginx/server.key;
中略...
    }

Nginxをリスタートすると、443ポートでSSL通信ができます。
※ セキュリティ警告は出ますが、まぁ開発用なので気にしないということで。

設定簡単ですね。

59
65
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
59
65

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?