# 建立新的自我簽署的憑證檔 產生新的憑證檔 - new-cert.key - new-cert.crt ```shell cd /dir/to/your/cert openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout new-cert.key \ -out new-cert.crt chown 1000.1000 new-cert.* ``` 修改 Nginx 設定 ```shell cd /path/to/nginx vi site-confs/default ssl_certificate /config/keys/new-cert.crt; ssl_certificate_key /config/keys/new-cert.key; ``` 檢查憑證檔的內容 ```shell openssl x509 -in cert.crt -noout -text ``` > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 24:85:b0:74:34:91:da:d3:cf:c4:16:9d:50:19:75:5a:c4:b5:9d:9b > Signature Algorithm: sha256WithRSAEncryption > Issuer: C = US, ST = CA, L = Carlsbad, O = Linuxserver.io, OU = LSIO Server, CN = \* > Validity > Not Before: May 24 11:23:44 2020 GMT > Not After : May 22 11:23:44 2030 GMT > Subject: C = US, ST = CA, L = Carlsbad, O = Linuxserver.io, OU = LSIO Server, CN = \* > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public-Key: (2048 bit) > Modulus: > 00:bd:3b:5c:10:cc:e3:0e:69:d6:2a:b8:46:25:1e: > 6b:30:2d:a9:9a:39:a2:5d:5a:f6:42:70:15:ad:f7: > 68:3c:82:f3:4a:3d:40:70:cf:54:e1:36:c1:f0:e0: > ...