More than 3 years have passed since last update.

NGINXで中間証明書を指定する

nginx

Posted at 2021-01-06

Let's Encryptから取得した証明書

# ls -1
cert.pem　　# SSL証明書
chain.pem   # 中間証明書
private.pem # 秘密鍵

指定することはできない

のでSSL証明書と中間証明書をvimで合体する
上と下をくっつければOK
Apacheだと中間証明書を指定するオプションがあるがNginxだとない

-----BEGIN CERTIFICATE-----
SSL証明書
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
中間証明書
-----END CERTIFICATE-----

config設定


    server {
        listen       443;
        server_name  vamdemicsystem.black;
        root         /usr/share/nginx/html;

        ssl_certificate     "/etc/nginx/cert/cert.pem";    # SSL証明書+中間証明書
        ssl_certificate_key "/etc/nginx/cert/private.pem"; # 秘密鍵
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass https://192.168.11.254;
            proxy_set_header X-Forwarded-Proto    $scheme;
            proxy_set_header HOST                 $host;
            proxy_set_header X-Real-IP            $remote_addr;
            proxy_set_header X-Forwarded-Host     $host;
            proxy_set_header X-Forwarded-Server   $host;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up