1. Generate private key
Generate rsa private key, des3 algorithm, 2048 bit strength. server.key is the file name of the secret key. You need to provide a password of at least 4 digits.
[root@localhost ~]# openssl genrsa -des3 -out server.key 2048 Generating RSA private key, 2048 bit long modulus ........................................................+++ ...................................+++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key:
2. Generate csr (certificate signing request)
Create a csr request signature request file and send it to a certification authority (expensive), or implement a self signature.
[root@localhost ~]# openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:GuangDong Locality Name (eg, city) [Default City]:ShenZhen Organization Name (eg, company) [Default Company Ltd]:OPS Organizational Unit Name (eg, section) []:OPS Common Name (eg, your name or your server's hostname) []:www.test.com Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
3. Delete the password of the private key
[root@localhost ~]# ll total 16 -rw-r--r-- 1 root root 1013 Mar 5 15:17 server.csr -rw-r--r-- 1 root root 1751 Mar 5 15:13 server.key [root@localhost ~]# cp server.key server.key.org [root@localhost ~]# openssl rsa -in server.key.org -out server.key Enter pass phrase for server.key.org: writing RSA key
4. Generate self signed certificate
[root@localhost ~]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=CN/ST=GuangDong/L=ShenZhen/O=OPS/OU=OPS/CN=www.test.com Getting Private key
5. Set SSL certificate for apache and nginx
apache sets SSL certificate and implements http forced jump to https
[root@localhost ~]# vi /etc/http/http.conf
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule rewrite_module modules/mod_rewrite.so
ServerName www.test.com:80
<Directory "/opt/abc/xyz">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://%{SERVER_NAME}/$1 [L,R]
</Directory>
Include /etc/httpd/extra/httpd-ssl.conf
[root@localhost ~]# vi /etc/httpd/extra/httpd-ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/opt/abc/xyz"
ServerName www.test.com:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2.4.25/logs/error_log"
TransferLog "/usr/local/apache2.4.25/logs/access_log"
SSLEngine on
SSLCertificateFile "/usr/local/apache/ssl/server.crt"
SSLCertificateKeyFile "/usr/local/apache/ssl/server.key"nginx sets SSL Certificate (it can also be set to http to forcibly jump to https)
[root@localhost ~]# vi /usr/local/nginx/conf/nginx.conf
server {
listen 443;
server_name www.test.com;
ssl on;
ssl_certificate server.crt;
ssl_certificate_key server.key;
[root@localhost ~]# cp server.crt server.key /usr/local/nginx/conf/
[root@localhost ~]# cd /usr/local/nginx/conf/
[root@localhost conf]# ll
//Total dosage 76
-rw-r--r--. 1 root root 1077 4 month 5 11:26 fastcgi.conf
-rw-r--r--. 1 root root 1077 4 month 5 11:26 fastcgi.conf.default
-rw-r--r--. 1 root root 1007 4 month 5 11:26 fastcgi_params
-rw-r--r--. 1 root root 1007 4 month 5 11:26 fastcgi_params.default
-rw-r--r--. 1 root root 2837 4 month 5 11:26 koi-utf
-rw-r--r--. 1 root root 2223 4 month 5 11:26 koi-win
-rw-r--r--. 1 root root 5170 4 month 5 11:26 mime.types
-rw-r--r--. 1 root root 5170 4 month 5 11:26 mime.types.default
-rw-r--r--. 1 root root 2746 4 month 5 15:09 nginx.conf
-rw-r--r--. 1 root root 2656 4 month 5 11:26 nginx.conf.default
-rw-r--r--. 1 root root 636 4 month 5 11:26 scgi_params
-rw-r--r--. 1 root root 636 4 month 5 11:26 scgi_params.default
-rw-r--r--. 1 root root 1200 4 month 5 15:10 server.crt
-rw-r--r--. 1 root root 1679 4 month 5 15:10 server.key
-rw-r--r--. 1 root root 664 4 month 5 11:26 uwsgi_params
-rw-r--r--. 1 root root 664 4 month 5 11:26 uwsgi_params.default
-rw-r--r--. 1 root root 3610 4 month 5 11:26 win-utf
[root@localhost conf]# systemctl restart nginx6. Access test
https://192.168.146.129