• notice
  • Congratulations on the launch of the Sought Tech site

How Nginx configures SSL locally

Sometimes, our formalenvironment needs configuration Httpsaccess! !

Many times, we need to get the SSLcertificate of the official environment, open a domain name, and a series of work before we can carry out our Httpsconfiguration functions.

The local development environment does not have the corresponding certificate, and it is not easy to perform related operations such as configuration and testing! !

So let's talk about how to Httpsaccess the configuration in the local development environment! !

Then let's take the nginxserver as an example! ^_^

1. Configuration steps

1.1 Generate a certificate

keytool -genkey -v -alias nginx -keyalg RSA -keystore nginx.keystore -validity 36500

alias isnginx

The keystore file isnginx.keystore

validity is valid for 36500 days


According to the above figure, you can help us generate the nginx.keystorefile

1.2 Convert the certificate format

JKS2PFX.bat nginx.keystore 123456 nginx exportfile .

This JKS2PFX.batis a tool, download address

nginx.keystore, is the file we just generated

123456, is the password we just generated the nginx.keystore file and set

nginx, is the alias we just set

exportfile, is the name of the file we want to generate

., the directory where the ssl certificate is generated, indicating the current folder


Operation mode:
JKS2PFX.bat <KeyStore file> <KeyStore password> <Alias alias> <export file name> [directory]

The transformation produces:


We copy the two files exportfile.crt and exportfile.key to the ssl directory of nginx's conf


1.3 Configure nginx

server {
    listen 443 ssl;
    server_name localhost;
    ssl_certificate ssl/exportfile.crt;
    ssl_certificate_key ssl/exportfile.key; 
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m; 
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host       $host;
        proxy_pass http://localhost/;


Once configured, use nginx -s reload to restart.

This configuration supports both http and https


Indicates that it has sslbeen configured


Technical otaku

Sought technology together

Related Topic


Leave a Reply