How to solve Nginx-based SSL certificate configuration problems

Source: Internet
Author: User
Tags ssl certificate startssl
I did not use the self-issued SSL certificate here, because it is not trusted by the browser, of course, did not purchase: D. The StartSSL free certificate is used and is valid for one year. The certificate application is not detailed here. you only need to register a user at StartSSL. COM to apply for the certificate. you need to enter the personal information for verification.

I did not use the self-issued SSL certificate here, because it is not trusted by the browser, of course, did not purchase: D. The StartSSL free certificate is used and is valid for one year. As for the certificate application, it is not detailed here, as long as it reaches StartSSL. you can apply to register a user at COM. you need to provide more details when entering your personal information. the first time you did not complete the information, you will receive a StartSSL email in a few minutes, saying that you need to complete it. After directly returning the complete personal information to that information, you will return to the confirmation mailbox of StartSSL within a few minutes. : P here, their services are quite good.
After you complete the steps required by StartSSL, you will get the ssl. crt and ssl. key files, upload them to a directory on your server, and then perform the following operations:
Wget http://cert.startssl.com/certs/ca.pem wget http://cert.startssl.com/certs/sub.class1.server.ca.pemcat ca. pem sub. class1.server. ca. pem> ca-certs.crtcat ca-certs.crt> ssl. then you can start configuring nginx. nginx is provided here. the added content of conf is my txp. name to open the knife
Server {listen 80; server_name txp. name www. txp. name; # rewrite ^ /(.*) https://txp.name/ $1 permanent; if ($ http_user_agent ~ * [^ Baiduspider | bing | yahoo | msnbot | soso | sogou | iaskspider | yodao]) {rewrite ^ (.*) https://www.txp.name $1 permanent ;}} server {listen 443; server_name txp. name www. txp. name; index index.html index.htm index. php; root/jiaozhu/htdocs/blog; ssl on; ssl_certificate/usr/local/nginx/ssl. crt; ssl_certificate_key/usr/local/nginx/ssl. key; # limit_conn crawler 20; location ~. *. (Php | php5 )? $ {# Fastcgi_pass unix:/tmp/php-cgi.sock; fastcgi_pass 127.0.0.1: 9000; fastcgi_index index. php; include fcgi. conf;} location ~. *. (Gif | jpg | jpeg | png | bmp | swf) $ {expires 30d;} location ~. *. (Js | css )? $ {Expires 1 h;} if (-f $ request_filename/index.html) {rewrite (. *) $1/index.html break;} if (-f $ request_filename/index. php) {rewrite (. *) $1/index. php;} if (! -F $ request_filename) {rewrite (. *)/index. php;} log_format access $ remote_addr-$ remote_user [$ time_local] $ request $ status $ response $ http_referer $ http_user_agent $ http_x_forwarded_for; access_log/jiaozhu/logs/access. log access;} set txp. you can change the name to your domain name. here, I want to use ssl forcibly.

Use nginx-t for nginx. conf to check. here I am reporting an error (SSL: error: 0906D066: PEM routines: PEM_read_bio: bad end line). This is because ssl is merged. there is a problem with crt. more ssl. the crt can see a row ----- end certificate--begin certificate -----, but the standard format should be ----- end certificate--BEGIN CERTIFICATE ----- correct and then re-use nginx-t to check that it is normal. Use nginx-s reload to restart nginx.

I checked that both firefox and chrome are normal, but ie does not have a style. My solution is to execute the following sentence UPDATE 'typecho 'in the database '. 'typecho _ option' SET 'value' = https://txp.name WHERE 'typecho _ options '. 'name' = siteUrl you can access txp. name to see the effect

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.