1. Install nginx briefly
2. Use openssl to implement the certificate center
Because we use openssl to set up a private certificate center , so make sure that the following fields are the same in the certificate center's certificate, server certificate, and client certificate
country name
state or province name
locality name
organization name
organizational unit name
Edit Certificate Center Configuration File
vim /etc/pki/tls/openssl.cnf
[ ca_default ]
dir = /etc/pki/ca
certs = $dir/certs # where the issued certs are kept
crl_dir = $dir/crl # where the issued crl are kept
database = $dir/index.txt # database index file .
# unique_subject = no # set to 'no' to allow creation of
‐ ‐ to certs.
certificate = $dir/cacert.pem # the ca certificate
serial 1 crl
crl = $dir/ crl.pem
countryname = state or province name (full name)
stateorprovincename_default = fj
LocalityName = LOCALITY NAME (EG, City)
LocalityName_Default = FZ
0.organizationNa me_default = ZDZ
OrganizationalunitName = Organizational Unit name (EG, section)
organizationalunitname_default = zdz
Create certificate private key
cd /etc/pki/ca/private
(umask 077;openssl genrsa -out cakey.pem 2048)
Generate Self-signed certificate
cd /etc/pki/ca/
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days=3655
3、 Create server certificate
mkdir /usr/local/nginx/ssl
cd /usr/local/nginx/ssl
(umask 077;openssl genrsa -out nginx.key 1024)
openssl req -new -key nginx.key -out nginx.csr
openssl ca -in nginx.csr -out nginx.crt -days=3650
4. Create client browser certificate
(umask 077;openssl genrsa -out client.key 1024)openssl req -new -key client.key -out client.csr
openssl ca -in client.csr -out client.crt -days=3650
Convert the text format certificate into a certificate that can be imported into the browser
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
5. Configure nginx server verification
vim /usr/local/nginx/conf/nginx.conf
ssl on;
ssl_certificate /usr/local/nginx/ssl/ nginx.crt;
ssl_certificate_key /usr/local/nginx/ssl/nginx.key;
ssl_client_certificate /usr/local/nginx/ssl/cacert.pem;
ssl_session_timeout 5m;
#ssl_verify_client on ; ; ”
Click “Add Exception”
Click “Confirm Security Exception”
6. Configure two-way authentication 
Access when the client browser does not have a certificate installed
Import the certificate in the client browser
Download the client certificate generated on the Linux server to Windows
Open the Advanced tab of the Firefox browser
In the certificate manager In your certificate, click Import
Select the certificate and import
Refresh the web page again, and the "Use Confirmation" pops up and click OK to achieve two-way verification
The above is the detailed content of How to configure nginx two-way verification of ssl. For more information, please follow other related articles on the PHP Chinese website!
Using NGINX Unit: Deploying and Managing ApplicationsApr 22, 2025 am 12:06 AMNGINXUnit can be used to deploy and manage applications in multiple languages. 1) Install NGINXUnit. 2) Configure it to run different types of applications such as Python and PHP. 3) Use its dynamic configuration function for application management. Through these steps, you can efficiently deploy and manage applications and improve project efficiency.
NGINX vs. Apache: A Comparative Analysis of Web ServersApr 21, 2025 am 12:08 AMNGINX is more suitable for handling high concurrent connections, while Apache is more suitable for scenarios where complex configurations and module extensions are required. 1.NGINX is known for its high performance and low resource consumption, and is suitable for high concurrency. 2.Apache is known for its stability and rich module extensions, which are suitable for complex configuration needs.
NGINX Unit's Advantages: Flexibility and PerformanceApr 20, 2025 am 12:07 AMNGINXUnit improves application flexibility and performance with its dynamic configuration and high-performance architecture. 1. Dynamic configuration allows the application configuration to be adjusted without restarting the server. 2. High performance is reflected in event-driven and non-blocking architectures and multi-process models, and can efficiently handle concurrent connections and utilize multi-core CPUs.
NGINX vs. Apache: Performance, Scalability, and EfficiencyApr 19, 2025 am 12:05 AMNGINX and Apache are both powerful web servers, each with unique advantages and disadvantages in terms of performance, scalability and efficiency. 1) NGINX performs well when handling static content and reverse proxying, suitable for high concurrency scenarios. 2) Apache performs better when processing dynamic content and is suitable for projects that require rich module support. The selection of a server should be decided based on project requirements and scenarios.
The Ultimate Showdown: NGINX vs. ApacheApr 18, 2025 am 12:02 AMNGINX is suitable for handling high concurrent requests, while Apache is suitable for scenarios where complex configurations and functional extensions are required. 1.NGINX adopts an event-driven, non-blocking architecture, and is suitable for high concurrency environments. 2. Apache adopts process or thread model to provide a rich module ecosystem that is suitable for complex configuration needs.
NGINX in Action: Examples and Real-World ApplicationsApr 17, 2025 am 12:18 AMNGINX can be used to improve website performance, security, and scalability. 1) As a reverse proxy and load balancer, NGINX can optimize back-end services and share traffic. 2) Through event-driven and asynchronous architecture, NGINX efficiently handles high concurrent connections. 3) Configuration files allow flexible definition of rules, such as static file service and load balancing. 4) Optimization suggestions include enabling Gzip compression, using cache and tuning the worker process.
NGINX Unit: Supporting Different Programming LanguagesApr 16, 2025 am 12:15 AMNGINXUnit supports multiple programming languages and is implemented through modular design. 1. Loading language module: Load the corresponding module according to the configuration file. 2. Application startup: Execute application code when the calling language runs. 3. Request processing: forward the request to the application instance. 4. Response return: Return the processed response to the client.
Choosing Between NGINX and Apache: The Right Fit for Your NeedsApr 15, 2025 am 12:04 AMNGINX and Apache have their own advantages and disadvantages and are suitable for different scenarios. 1.NGINX is suitable for high concurrency and low resource consumption scenarios. 2. Apache is suitable for scenarios where complex configurations and rich modules are required. By comparing their core features, performance differences, and best practices, you can help you choose the server software that best suits your needs.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SublimeText3 English version
Recommended: Win version, supports code prompts!
Atom editor mac version download
The most popular open source editor
