Generate server.key, protected with a passphrase
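# Encrypt the new 2048-bit RSA key with AES-256 rather than the legacy 3DES
# (-des3); openssl prompts for the passphrase.
openssl genrsa -aes256 -out server.key 2048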
Remove the passphrase from server.key (the key is then stored unencrypted)
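# Rewrites server.key in place without passphrase protection. Anyone who can
# read the file can then impersonate the server, so restrict it to its owner.
openssl rsa -in server.key -out server.key
chmod 600 server.key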
Create server.csr (certificate signing request)
# Interactive: no -subj is given, so openssl prompts for the subject fields
# (the values to enter are listed below).
openssl req -new -key server.key -out server.csr
When prompted, enter:
country name: CN
common name: mysite.com (the host name clients will use to reach the server)
Create ca.crt (self-signed CA certificate)
# Self-signed certificate valid for 3650 days, signed with server.key.
# NOTE(review): the CA therefore shares its private key with the web server;
# a separate CA key kept off the server would limit the impact of a key leak.
openssl req -new -x509 -key server.key -out ca.crt -days 3650
Create server.crt by signing server.csr with the CA
# Signs server.csr with ca.crt, using server.key as the CA key (the same key
# the server certificate itself is bound to); valid for 3650 days.
# NOTE(review): no -extfile is given, so no subjectAltName is added. Current
# browsers match host names against subjectAltName, not the common name;
# verify the certificate is accepted by the intended clients.
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
Configure nginx in ssl.conf
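server {
    listen 443 ssl;
    # NOTE(review): the certificate above was requested for common name
    # mysite.com; clients must connect by a name the certificate covers.
    server_name localhost;
    ssl_certificate /root/keys/server.crt;
    # The private key is stored without a passphrase; keep it readable by
    # root only.
    ssl_certificate_key /root/keys/server.key;
    ssl_session_timeout 5m;
    # SSLv2, SSLv3 and TLSv1 are broken or deprecated; offer only TLS 1.2 and
    # 1.3. Drop TLSv1.3 if this nginx/OpenSSL build does not support it.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Strong suites only: no LOW, EXPORT or RC4 suites, and no anonymous
    # (aNULL) or MD5-based ones.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}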
open 443 port
# Inserts the rule at the top of the INPUT chain and accepts TCP port 443
# from any source address.
# NOTE(review): the rule is not saved anywhere here, so it is presumably lost
# on reboot; confirm how this host persists its firewall rules.
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
restart nginx
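# Validate the configuration first so a mistake in ssl.conf cannot take the
# site down, then reload: nginx re-reads the configuration and certificates
# without stopping the running master process.
nginx -t && nginx -s reload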