CentOS 6.5 System LNMP Environment install SSL certificate

This article is reproduced from: https://typecodes.com/web/lnmppositivessl.html

The SSL certificate installation is not related to the blog program (whether it is WordPress or Typecho, etc.), but only to the type of server (such as Nginx, Apache, or IIS).

----------Instructions----------               
system:            Aliyun CentOS 6.5
Environment:            LNMP (just configure Nginx server on line)
operation tool:        SECURECRT 7.0
Blog Program:        Typecho 14.10
SSL certificate provider:    Positivessl from Namecheap

first, generate private keys on the Web server, CSR signature request files

###### 1 generates a 2048bit RSA private key File Typecodes.key [root@typecodes ssl]# OpenSSL genrsa-des3-out Typecodes.key, 2048 generating RSA Private key, 2048 bit long modulus ... ... +++ ... +++ e. 65537 (0x10001) Enter pass phrase fo (= ...). * * * *-* * * * * * * * * * R Typecodes.key:verifying-enter Pass phrase for typecodes.key: [Enter same password two times] ###### 2 generate a CSR certificate signing request file TYPECODES.CSR [root@ Typecodes ssl]# OpenSSL req-new-key typecodes.key-out TYPECODES.CSR enter pass phrase for typecodes.key: [Enter password before] Y
Ou are about to is asked to enter information that'll be incorporated into your certificate request.
What you are about to enter the What is called a distinguished Name or a DN. There are quite a few fields but can leave some blank for some fields There would be a default value, If you enter '. '
, the field is left blank.  -----Country Name (2 letter code) [XX]:CN [nationality] state or province name (full name) []:guangdong [Province] locality name (eg, City) [Default City]:shenzhen [cities] organization Name (eg, company) [Default Corporate ltd]:typecodes.com [Corporation] organizational unit Name (eg, section) []:typecodes.com [Industry] Common Name (eg, your name or your server ' s hostname) []:typecodes.com [own domain name] Email address []:vfhky@typecodes.com please ente  R the following ' extra ' attributes to is sent with your certificate request A challenge Password []: [Do not fill in here] an optional Company name []: [Do not fill in here] ###### 3 Remove key file Typecodes.key password "strongly recommended" [Root@typecodes ssl]# CP Typecodes.key Typecodes.key. Origin [Root@typecodes ssl]# OpenSSL rsa-in typecodes.key.origin-out Enter pass Typecodes.key for phrase rigin:writing RSA key [Enter password before] ###### 4 can also be used OpenSSL the private key and CSR to generate their own signature files, but may not be approved by the browser, so this step should skip [Root@typecodes ssl]# opens SL x509-req-days 365-in Typecodes.csr-signkey typecodes.key-out typecodes.crt Signature OK subject=/c=cn/st=guangdong /l=shenzhen/o=typecodes.com/ou=typecodes.com/cn=typecodes.com/emailaddress=vfhky@typecodes.com Getting Private Key ###### 5 View the files generated by the 4 steps above, where TypecoDES.CRT is not required [root@typecodes ssl]# ls typecodes.crt TYPECODES.CSR typecodes.key
 

Ii. obtain digital certificates issued by SSL certificate providers

First enter the SSL certificate management interface for NAMECHEAP, and then click the "Active Now" button to prepare to purchase the SSL product. This will go to the "Digital Certificate Order Form" page, selected in "Select Web Sever" according to your own Web server type, and the blogger is Nginx. Then execute the command on the SECURECRT terminal [Root@typecodes ssl]# cat TYPECODES.CSR, and then copy from the-----begin certificate REQUEST-----to-----End All content in the certificate REQUEST-----is then pasted into a blank bar under Enter CSR.

Finally click "Next", then the interface will display your domain name whois information on the relevant email address list, you need to choose the normal access to the authentication code of the domain name mailbox (Note: The use of a third party such as QQ Enterprise mailboxes, etc., in the page can not be displayed). Fill out the user's information (like city name, street name and so on as far as possible in English, Chinese may be wrong, NAMECHEAP will send a verification code of the mail to your choice of domain name mailbox, enter the mailbox click "Here" button, and then enter the verification code to complete the SSL order. At this point, Namecheap will send the POSITIVESSL certificate file by mail to his own mailbox to send certificate mail.

Third, configure the server nginx files

The SSL certificate provider provides four of the. crt files we need in the Mail: Domain name certificate file typecodes_com.crt, COMODORSADOMAINVALIDATIONSECURESERVERCA.CRT,