English
English
SSL certificate verification is a security measure that confirms the identity of a server using the SSL encryption protocol. It ensures that data transmitted over the network is not tampered with or intercepted, protecting the confidentiality and integrity of communication.
By verifying the server’s public key, SSL certificate verification effectively prevents man-in-the-middle attacks and guarantees reliable and non-repudiable data transmission.
First, install the OpenSSL tool, then run the following command to generate a self-signed certificate:
<span class="fun">openssl req -x509 -nodes -newkey rsa:2048 -keyout server.key -out server.crt -days 365</span>
This command generates a self-signed certificate valid for 365 days, producing the files server.crt (certificate) and server.key (private key).
Edit the Nginx configuration file (usually located at /etc/nginx/nginx.conf or /etc/nginx/conf.d/default.conf), and add the following to enable HTTPS and redirect HTTP requests:
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}
<p>server {<br>
listen 443 ssl;<br>
server_name example.com;</p>
ssl_certificate_key /path/to/server.key;
location / {
proxy_pass http://backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Here, requests to port 80 are redirected to port 443. Replace the certificate and key paths with your actual file locations.
To enhance security, Nginx can be configured to verify client SSL certificates. Modify the configuration as follows:
server {
listen 443 ssl;
server_name www.example.com;
ssl_client_certificate /path/to/ssl.crt;
ssl_certificate /path/to/new.crt;
ssl_certificate_key /path/to/new.key;
location / {
proxy_pass http://localhost:8080;
}
}
The directive ssl_verify_client on; enables client certificate verification, while ssl_client_certificate specifies the trusted certificate authorities, ensuring only requests with valid client certificates are accepted.
SSL certificate verification is fundamental for securing web services. Properly configuring SSL on the Nginx proxy server effectively protects the confidentiality and integrity of data transmissions. This article explained the complete process of generating SSL certificates, configuring Nginx for HTTPS, and enabling client certificate verification to help users strengthen their server security.
