https://startssl.com can provide us with a trusted HTTPS certificate for free. Here is a brief introduction to the configuration process.
First, the server needs OpenSSL and Apache's mod_ssl.so module installed, and the module must be enabled in httpd.conf.
With that in place, you can use OpenSSL to generate your own certificate.
Here is some background you need to know.
Throughout the HTTPS setup, you need to understand the role of these files:
server.key   the server's private key
server.crt   the server's certificate file
server.csr   the server's certificate request file
root.crt     the root certificate
These files are generated as follows.
First run:
openssl req -new -nodes -keyout chorder.net.key -out chorder.net.csr
This generates the server private key and the server certificate request file; you will be asked to enter a lot of information about the certificate, as well as passwords.
After this step is completed, two files have been generated: chorder.net.key and chorder.net.csr.
Register an account on the StartSSL website and submit the .csr file you generated, so that StartSSL generates a server certificate and a root certificate.
Copy the two certificates ending in .crt to /etc/pki/tls/certs/ on the server, and copy the .key and .csr files to /etc/pki/tls/private/. (This is for CentOS servers only; for other servers, please search Baidu.)
You will also need to link cert.pem under /etc/pki/tls/ (if there isn't one already) to /etc/pki/tls/certs/root.crt.
This way the sec_error_unknown_issuer error is not reported when the site is accessed in the Firefox browser.
This cert.pem is a certificate chain: only if your server certificate is included in the certificate chain of the StartSSL website will the client consider your certificate trustworthy.
Finally, modify two files.
One is /etc/httpd/conf.d/ssl.conf; modify the following content:
Specify the server certificate
SSLCertificateFile /etc/pki/tls/certs/chorder.net.crt
Specify the server private key
SSLCertificateKeyFile /etc/pki/tls/private/chorder.net.key
Specify the server certificate chain (from StartCom)
SSLCertificateChainFile /etc/pki/tls/certs/root-bundle.crt
Then modify the /etc/httpd/conf/httpd.conf file to create the configuration for your host (mine is a virtual host).
My configuration is as follows:
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/chorder.net.crt
    SSLCertificateKeyFile /etc/pki/tls/private/chorder.net.key
    SSLCertificateChainFile /etc/pki/tls/cert.pem
    ServerName chorder.net
    ServerAdmin ×××××
    DocumentRoot ×××××
    ErrorLog ×××××
    CustomLog ×××××
</VirtualHost>
Compared with the HTTP configuration, this is really just a few extra lines.
After configuring these, restart the service and you are done.
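Before restarting, it is worth confirming that the files described above belong together: the .key, .csr and .crt must carry the same public key, and the server certificate must chain to the root file, which is the condition behind sec_error_unknown_issuer. The script below is an added example, not part of the original post; the function names and the "Demo Root CA" and "Unrelated CA" files are constructed stand-ins so that it runs offline.

```shell
#!/bin/sh
# Added example. Every key and certificate below is constructed and throw-away:
# "Demo Root CA" stands in for the CA's root.crt, nothing is issued by a real CA.

pubkey_of() {   # $1 = key|csr|crt, $2 = file; prints the PEM public key it contains
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

check_deploy() {   # $1 = .key, $2 = .csr, $3 = server .crt, $4 = chain/root file
    k=$(pubkey_of key "$1") || { echo "unreadable key"; return 2; }
    r=$(pubkey_of csr "$2") || r=
    c=$(pubkey_of crt "$3") || c=
    [ "$k" = "$r" ] || { echo "csr does not match key"; return 3; }
    [ "$k" = "$c" ] || { echo "certificate does not match key"; return 4; }
    # Same question the browser asks: does the certificate chain to this root?
    openssl verify -CAfile "$4" "$3" >/dev/null 2>&1 ||
        { echo "chain does not verify"; return 5; }
    echo ok
}

make_demo() {   # $1 = empty directory to fill with constructed sample files
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
    # The page's command, with -newkey and -subj added so it runs without prompts
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=chorder.net" \
        -keyout "$1/chorder.net.key" -out "$1/chorder.net.csr" 2>/dev/null
    openssl x509 -req -in "$1/chorder.net.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -set_serial 1 -days 1 -out "$1/chorder.net.crt" 2>/dev/null
    # An unrelated key and self-signed root, to exercise the failure paths
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/other.key" -days 1 -subj "/CN=Unrelated CA" \
        -out "$1/other-root.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d"
check_deploy "$d/chorder.net.key" "$d/chorder.net.csr" "$d/chorder.net.crt" "$d/root.crt" || true
check_deploy "$d/other.key" "$d/chorder.net.csr" "$d/chorder.net.crt" "$d/root.crt" || true
check_deploy "$d/chorder.net.key" "$d/chorder.net.csr" "$d/chorder.net.crt" "$d/other-root.crt" || true
```

On a real server, call check_deploy with the paths used in ssl.conf; anything other than "ok" means Apache would serve a certificate that does not match its key or that clients cannot chain to the root.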
In addition, if you want visits to your domain to go straight to the HTTPS port, you can write some JS to redirect. If you feel writing the code is too cumbersome, you can add these two lines to the .htaccess file in the root directory to redirect automatically:
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R]
That is, the default port is specified as 443, and all HTTP requests are rewritten to HTTPS.
Apache Server Configuration HTTPS