Create an SSL certificate that can be used in nginx and IIS

    sudo openssl genrsa -des3 -out demo.key 1024
    # openssl genrsa command is used to generate RSA private key, not public key, because the public key is extracted from the private key # -des3 specifies the algorithm used to encrypt the private key file. You don't need to specify the encryption algorithm (it is recommended not to specify the encryption algorithm for your own testing). Optional: -des|-des3|-idea
  # -out demo.key Save the generated private key to the specified file # 1024 Specifies the length of the private key to be generated (in bits). The default is 1024. Usually it is either 1024 or 2048.

    sudo openssl rsa -in demo.key -out temp.key && sudo rm demo.key && sudo mv temp.key demo.key

    sudo openssl genrsa -out demo.key 1024

    sudo openssl req -new -key demo.key -out demo.csr
    # The main functions of the openssl req command are to generate a certificate request file, view and verify the certificate request file, and generate a self-signed certificate. # -new Description Generate a certificate request file. # -key demo.key Specifies an existing key file to generate a key request, which is only used with the generate certificate request option -new.
  # -out demo.csr specifies the name of the generated certificate request or self-signed certificate

    sudo openssl x509 -req -days 36500 -in demo.csr -signkey demo.key -out demo.crt
    # openssl x509 command is mainly used to output certificate information, sign certificate request files, generate self-signed certificates, convert certificate formats, etc. # -req indicates that the following input is a certificate request file # -days 36500 The validity period of the certificate is in days (see you in a hundred years)
  # -in demo.csr specifies the input file# -signkey demo.key signature certificate key# -out demo.crt specifies the output file of the certificate

    sudo openssl pkcs12 -export -inkey demo.key -in demo.crt -out demo.pfx
    # openssl pkcs12 command is used to generate and analyze pkcs12 files # -export specifies that a PKCS#12 file will be created # -inkey demo.key specifies the location of the private key file. If not specified, the private key must be specified in -in filename # -in demo.crt specifies the file from which the private key and certificate are read # -out demo.pfx specifies the output pkcs12 file

    demo.crt: crt certificate file, which can be used when configuring nginx demo.csr: crt certificate request file, which is basically useless now demo.key: private key, which can be used when configuring nginx demo.pfx: certificate installation package, which can be used when deploying iis

  server {
        listen 4430 ssl;
        listen [::]:4430 ssl;

        ssl on;
        ssl_certificate /home/feng/ssl/demo.crt; #crt certificate file ssl_certificate_key /home/feng/ssl/demo.key; #private key file ssl_session_timeout 5m;
        ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                try_files $uri $uri/ =404;
        }
  }

    public class Program
    {

        public static void Main(string[] args)
        {
            CreateHostBuilder(args).Build().Run();
        }

        public static IHostBuilder CreateHostBuilder(string[] args) =>
            Host.CreateDefaultBuilder(args)
                .ConfigureWebHostDefaults(webBuilder =>
                {
                    webBuilder.ConfigureKestrel(options =>
                    {
                        options.ListenAnyIP(5000, listenOptions =>
                        {
                            listenOptions.UseHttps(@"C:\inetpub\wwwroot\demo.pfx", "123456");
                        });
                    });
                    webBuilder.UseStartup<Startup>();
                });
    }