nginx 的https 功能基于模块ngx_http_ssl_module实现，因此如果是编译安装的nginx要使用参数 ngx_http_ssl_module开启ssl功能，

但是作为nginx的核心功能，yum安装的nginx默认就是开启的，编译安装的nginx需要指定编译参数--with-http_ssl_module开启。

可以用nginx -V查看编译安装的模块。

[root@rocky8 ~]#nginx -V
nginx version: nginx/1.22.0
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)
built with OpenSSL 1.1.1k  FIPS 25 Mar 2021
TLS SNI support enabled
configure arguments: --prefix=/apps/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --add-module=/usr/local/src/echo-nginx-module-master

[root@rocky8 ~]#cd /apps/nginx/ 
[root@rocky8 nginx]# mkdir certs
[root@rocky8 nginx]# cd certs/
[root@rocky8 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt #自签名CA证书
Generating a RSA private key
.............................................................................................++++
.....................................++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家代码
State or Province Name (full name) []:beijing #省份
Locality Name (eg, city) [Default City]:beijing #城市
Organization Name (eg, company) [Default Company Ltd]:guanyu #公司名称
Organizational Unit Name (eg, section) []:gy #部门
Common Name (eg, your name or your server's hostname) []:ca.gy.org #通用名称
Email Address []: #邮箱 (可不填)

查看CA证书和私钥文件

[root@rocky8 certs]#ll
total 8
-rw-r--r-- 1 root root 2021 Sep 17 15:46 ca.crt
-rw------- 1 root root 3272 Sep 17 15:45 ca.key

自制key和csr文件

[root@rocky8 certs]# openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.guanyu.org.key -out www.guanyu.org.csr
Generating a RSA private key
......++++
........................................................................................................................................................................................................................................................................................................................++++
writing new private key to 'www.guanyu.org'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:guanyu.org
Organizational Unit Name (eg, section) []:guanyu.org
Common Name (eg, your name or your server's hostname) []:www.guanyu.org
Email Address []:1532105108@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional c