@IM is a timely communication system developed for the purpose of facilitating the impression search network. Now I'm going to open up a column to write about the dots I've been experiencing in developing this site. This is the first article: Free HTTPS certificate.
Free HTTPS certificate Online search, basically positioning start SSL This HTTPS certificate service provider, mainly according to the following blog to apply for a certificate:
http://www.freehao123.com/startssl-ssl/
According to the blog guidelines, to apply for a certificate, mainly including two files:
im.impress-ssl.keyim.impress-ssl.crt
The application of the Im.impress-ssl.key is to include the password information in the inside, can not be used directly, in the use of Nginx authentication, it is necessary to enter the password, the start nginx because the password can not be started, will lead to failure, so need to remove the password information:
OpenSSL RSA- in Im.impress-ssl.key-out unpass-im.impress-ssl.key
This is basically possible, but, Start SSL will be in Firefox, Opera, IE will report the certificate does not recognize the error, only chrome can recognize, according to the following article, Http://www.gaojinbo.com/nginx-https-%E5 %85%8d%e8%b4%b9ssl%e8%af%81%e4%b9%a6%e9%85%8d%e7%bd%ae%e6%8c%87%e5%8d%97.html
==============2009/11/26 update===================
In STARTSSL forum See official said firefox3.5 not support is because not configured. After the configuration resolved Firefox 3.5 does not trust the issue of the certificate, Ubuntu Studio under test passed.
The step is: Get Https://www.startssl.com/certs/ca.pem
Get Https://www.startssl.com/certs/sub.class1.server.ca.pem
Cat Ca.pem Sub.class1.server.ca.pem >> CA-CERTS.CRT
Cat Ca-certs.crt >> Security.cer
All actions performed:
wget https://www.startssl.com/certs/ca.pemwget https:// Www.startssl.com/certs/sub.class1.server.ca.pemcat ca.pem sub.class1.server.ca.pem >> ca- certs.crt# is the information to add the Start SSL service cat ca-certs.crt >> IM.IMPRESS-SSL.CRT
Add SSL to Nginx server:
Server { listen 443 SSL; server_name IM.IMPRESS.PW; Root im_root; Index index.htm; Ssl_certificate SSL/im.impress-ssl.crt; Ssl_certificate_key SSL/unpass-im.impress-Ssl.key; Ssl_session_cache shared:ssl:1m; Ssl_session_timeout 5m; Ssl_ciphers High :!anull:! MD5; Ssl_prefer_server_ciphers on ;.}
Restart nginx,ok!
@IM website record (i) = "Free HTTPS certificate"