Setting Up an HTTPS Server Using Nginx
Recently, I've been researching Nginx and encountered a requirement to encrypt data transmitted between the server and clients to prevent information leakage from intermediate eavesdropping. However, purchasing certificates from official certificate authorities was not cost-effective since only internal personnel access the server. Therefore, I decided to self-sign the certificate and simply ignore the browser's trust warnings. Below are the steps for generating the certificate and configuring Nginx.
First, ensure that OpenSSL and OpenSSL-devel are installed on your system:
# yum install openssl
# yum install openssl-devel
Next, generate a self-signed certificate. The key is 2048 bits, because 1024-bit RSA is no longer considered secure:
# cd /etc/nginx/nginxhttps
# openssl genrsa -des3 -out server.key 2048
# openssl req -new -key server.key -out server.csr
# openssl rsa -in server.key -out server_nopwd.key
# openssl x509 -req -days 365 -in server.csr -signkey server_nopwd.key -out server.crt
The certificate is now generated. Next, configure Nginx:
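server {
    # "ssl on;" is deprecated; TLS is enabled with the ssl parameter of listen.
    listen 443 ssl;
    ssl_certificate /etc/nginx/nginxhttps/server.crt;
    # Passphrase-free copy of the key, so Nginx can start unattended.
    ssl_certificate_key /etc/nginx/nginxhttps/server_nopwd.key;
}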
Then restart Nginx.
At this point, the HTTPS server setup is complete. But how can you make browsers trust your self-signed certificate? (Trusting it directly in IE is also an option.)
After some experimentation, I finally figured it out: simply import the generated server.crt file into the system's certificate manager. The specific steps are as follows:
Control Panel -> Internet Options -> Content -> Certificates -> Trusted Root Certification Authorities -> Import -> Select server.crt
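The following is an added example, not part of the original post: it creates a self-signed certificate in one `openssl req -x509` step instead of the four commands above, includes a subjectAltName (current browsers match the hostname against it rather than the CN), and audits the result before Nginx is pointed at it. The hostname `intranet.example` and all function names are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumed names: the host
# "intranet.example" and every function below. Needs OpenSSL 1.1.1+ (-addext).

# make_selfsigned DIR HOST: write DIR/server.key and DIR/server.crt
make_selfsigned() {
    local dir=$1 host=$2
    mkdir -p "$dir" || return 1
    # umask 077 so the unencrypted key is never readable by other users.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null )
}

# cert_key_bits CRT: print the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_has_san CRT HOST: succeed only if HOST is listed as a DNS SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tr -d ' ' | tr ',' '\n' |
        grep -Fxq "DNS:$2"
}

# key_matches_cert KEY CRT: succeed if both carry the same public key
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# audit_cert DIR HOST: print each problem found; non-zero exit if any
audit_cert() {
    local key=$1/server.key crt=$1/server.crt rc=0
    [ "$(cert_key_bits "$crt")" -ge 2048 ] || { echo "key shorter than 2048 bits"; rc=1; }
    cert_has_san "$crt" "$2"       || { echo "no DNS SAN for $2"; rc=1; }
    key_matches_cert "$key" "$crt" || { echo "key does not match certificate"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "expired"; rc=1; }
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "key readable by group/other"; rc=1; }
    return "$rc"
}
```

Run `audit_cert DIR HOST` against the directory that holds the files before restarting Nginx; only `server.crt` is imported into the clients' trust store, while the key stays on the server.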