How to set up SSL on nginx (Ubuntu 14.04)
1. Generate the private key
openssl genrsa -des3 -out yourdomain.com.key 4096
Generating RSA private key, 4096 bit long modulus
......................................................................++
..........................................................++
e is 65537 (0x10001)
Enter pass phrase for yourdomain.com.key: yourpasswd
Verifying - Enter pass phrase for yourdomain.com.key:
2. Generate the CSR
openssl req -new -key yourdomain.com.key -out yourdomain.com.csr
Enter pass phrase for yourdomain.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:yourdomain.com
Email Address []:youremail@yourdomain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: enter
An optional company name []: enter
3. Generate the self-signed SSL certificate
openssl x509 -req -days 365 -in yourdomain.com.csr -signkey yourdomain.com.key -out yourdomain.com.crt
4. nginx conf
server {
    listen 443;
    listen localhost:443;
    server_name localhost;
    charset utf-8;

    ssl on;
    ssl_certificate /nginx/security/yourdomain.com.crt;
    # The key from step 1 is pass-phrase protected, so nginx asks for the pass phrase each time it starts.
    ssl_certificate_key /nginx/security/yourdomain.com.key;
    ssl_session_timeout 5m;
    # No SSLv3 (POODLE, deprecated by RFC 7568). TLSv1 and TLSv1.1 are deprecated by RFC 8996;
    # keep them only if legacy clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # No RC4 (prohibited for TLS by RFC 7465).
    ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
    ssl_prefer_server_ciphers on;

    root /var/html/;
    index index.html index.php;
    error_page 403 = /403.html;
    error_page 404 = /404.html;
    client_max_body_size 20M;
    client_body_buffer_size 128k;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include mime.types;
    }
}
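
An added example, not part of the original page: a shell function that audits an nginx configuration for risky ssl_protocols and ssl_ciphers values (SSLv3, TLSv1/TLSv1.1, RC4 and other weak cipher keywords), the settings step 4 is about. The names audit_nginx_tls and sample_conf and the sample server block are constructed for illustration.

```sh
#!/bin/sh
# audit_nginx_tls [FILE...]: read nginx configuration (files or stdin) and
# print one finding per risky ssl_protocols / ssl_ciphers token.
audit_nginx_tls() {
    cat "$@" |
    sed 's/#.*//' |        # drop comments so a protocol named in a note is not flagged
    tr -d "\"'" |          # cipher strings are often quoted
    tr ';{}' '\n\n\n' |    # one directive per line, even in a one-line config
    awk '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^SSLv[23]$/)         print "weak-protocol " $i
                else if ($i ~ /^TLSv1(\.1)?$/) print "legacy-protocol " $i
            }
        }
        $1 == "ssl_ciphers" {
            for (i = 2; i <= NF; i++) {
                n = split($i, c, /[:,]/)
                for (k = 1; k <= n; k++) {
                    # "!X" and "-X" remove ciphers, "+X" only reorders them.
                    if (c[k] ~ /^[!+-]/) continue
                    if (c[k] ~ /RC4|MD5|DES|NULL|EXP/) print "weak-cipher " c[k]
                }
            }
        }'
}

# Constructed sample: a one-line server block that enables SSLv3 and RC4.
sample_conf() {
    printf '%s\n' 'server { listen 443; ssl on; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5; }'
}

# Stand-alone run: audit the constructed sample.
sample_conf | audit_nginx_tls
```

Against a real server, pass the configuration files as arguments, for example the file that holds the server block from step 4.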