Important matters:
Generate your private key at the same time as the CSR file is generated, and if you lose the private key or forget the private key password, the certificate is issued to you and cannot be installed successfully! You must regenerate the private key and the CSR file and reissue the new certificate for free. To avoid this situation, be sure to back up the private key file and remember the private key password after you generate the CSR, preferably by not moving the server before you receive the certificate. "OpenSSL" is used to generate private keys and CSR,OPENSSL are generally installed under/user/bin, if your system is installed in a different directory, specify the correct directory path. All of the following commands assume that you have successfully installed OpenSSL, will produce a 1024-bit key, the encryption algorithm takes 3DES, and you must name the key file using the domain name that you want to request an SSL certificate.
Generate the private key, this command will generate a 1024-bit RSA private key, the private key file name is: Www.yilexun.com.key, will prompt you to set the private key password, please set the password, and remember !
1024
Generate a certificate request file (Certificate Signing REQUEST,CSR)
OpenSSL req-newkey RSA:2048 -keyout yilexun.com.key-out YILEXUN.COM.CSR
This command will prompt you to enter the field information required by the certificate of the "GB/a", including the country (China Tim CN), province, city, organization name, organizational unit name (you may not fill in the direct carriage return). Please note: Except the national abbreviation must fill the CN, the rest can be in English or Chinese. Please enter the domain name of the SSL certificate you want to request, if you need to request an SSL certificate for www.domain.com, you cannot enter only domain.com. The SSL certificate is strictly bound to the domain name. Please do not enter the email, password (challenge password) and optional company name, you can directly enter. You have now successfully generated the key pair, the private key file: Www.yilexun.com.key saved in your server, please put the CSR file: WWW.YILEXUN.COM.CSR to Certificate Services company (such as Startssl), each meaning is as follows:
Country Name (2 letter code): Use the International Standard Organization (ISO) Country code format, fill in 2 letters country code. China please fill in CN. State or province name: province, such as fill shanghailocality name (eg, city): cities, such as fill in Shanghaiorganization name (eg, company ): organizational units, such as the Pinyin organizational unit name (eg, section), for example: Fill it deptcommon name (eg, your websites domain name): Exercise SSL The encrypted web site address. Please note that this does not refer to your domain name alone, but rather the name of the website that uses SSL directly, for example: pay.abc.com. A website is defined here: ABC.com is a website; www.abc.com is another site; pay.abc.com is another website. Email address: E-mail addresses, can not fill a challenge password: Can not fill in an optional company name: Can not fill
Pending
nginx-Build HTTPS Server