First, prepare to compress the SSL certificate file
Information from the Internet on the installation of Comodo Positivessl certificate, found that there are different versions of the form, because sometimes we download to the Comodo POSITIVESSL certificate will see 2 files, some 4 files, 2 files are already compressed. and 4 files is that we haven't compressed the file yet.
For example, in the previous application of the UK2 free SSL certificate in the above, we can see the above, the compressed package has 4 files.
| The code is as follows |
Copy Code |
Uk2_laojiang_me.crt
Comodorsadomainvalidationsecureserverca.crt
Comodorsaaddtrustca.crt
Addtrustexternalcaroot.crt
|
We use the text Editing tool to merge the top 4 files together into one file, or we can merge them directly into the server with the cat command. For example, I merged all the files into the New_laojiang_me.crt file.
At the same time, remember that we have generated a CSR file in the server when there is a key file is also what we need, this need to find, and then use the site when the deployment of the environment need to use.
Second, the Apache Web site Environment Installation SSL Certificate method
If our web site environment is Apache, then use this method to deploy SSL certificate installation, the old Chiang also alone in a test machine installed Apache environment, because most of the nginx environment, so now use Apache when some are not accustomed to.
1. Check and install SSL module
| The code is as follows |
Copy Code |
Yum Install OpenSSL
Yum Install Mod_ssl
|
We need to first check whether the current server has an SSL module installed, whether or not, we execute the above 2 lines of command.
2. Upload SSL certificate key and CRT file
We will put the prepared key file and merged CRT files in the directory we know, this path we remember, one is easy to manage, and then call when needed.
| The code is as follows |
Copy Code |
/etc/httpd/conf.d/ssl.conf
|
In this file, configure our SSL certificate.
| The code is as follows |
Copy Code |
DocumentRoot "/data/wwwroot/uk2.laojiang.me/"
ServerName uk2.laojiang.me:443
Sslengine on
Sslcertificatekeyfile/root/ssl/laojiang.me.key
Sslcertificatechainfile/root/ssl/new_laojiang_me.crt
|
Then find the above lines to edit the corresponding files.
| The code is as follows |
Copy Code |
Service httpd Restart
|
It can take effect after reboot.
Third, Nginx Environment installation SSL Certificate
If our VPS server environment is NGINX site environment, then we need to follow the following methods to install SSL.
1, edit the current Web site configuration file
The main is to the following several files, we correspond to their own changes.
| The code is as follows |
Copy Code |
Listen 80;
Listen 443 SSL;
SSL on;
SSL_CERTIFICATE/USR/LOCAL/NGINX/CONF/LAOBULUO.COM.CRT;
Ssl_certificate_key/usr/local/nginx/conf/laobuluo.com.key;
Ssl_session_timeout 10m;
server_name laobuluo.com www.laobuluo.com;
Access_log/home/wwwlogs/laobuluo.com_nginx.log combined;
Index index.html index.htm index.php;
if ($host!= ' laobuluo.com ') {
Rewrite ^/(. *) $ https://laobuluo.com/$1
permanent;
}
Include wordpress.conf;
root/home/wwwroot/laobuluo.com;
|
2, upload the corresponding SSL certificate file
We need to upload key and CRT files to the above path, where I'm using/usr/local/nginx/conf, if we are other paths as long as the above configuration files are modified.
3, restart Nginx effective
| The code is as follows |
Copy Code |
Service Nginx Reload
|
Four, SSL certificate installation Nginx, Apache environment summary
above the old Chiang to install SSL certificates to the Nginx and Apache site environment, the basic function is implemented, and some details need to be supplemented, such as cache time, 301 jump compatibility issues. These installation tutorials are all we need to use, even if the Chinese site is not necessary, but must be used in the future, if it is English web site, the proposal or use of SSL, it is said that the effect will be better than the same kind of no SSL certificate, we try it well
