Some answers to HTTPS questions

PHP write the website How to use HTTPS access, specifically how to

This is not related to what language to write the site, you can apply for a fast SSL certificate, a year is dozens of.

Turn on the Apache server SSL, make a free SSL certificate or apply for one.

Installing an SSL certificate under Linux+apache

Reference Address: http://www.zzidc.com/main/help/showMenu/51_49.html

First, the Apache installation SSL certificate requires three configuration files

Warm tip: Before installing the certificate, please back up the server configuration file you need to modify

1_ROOT_BUNDLE.CRT, 2_DOMAINNAME.COM.CRT, 3_ Domainname.com.key.

Note: These three files are in folder for Apache.zip, where domainname.com is your domain name, 2_ DOMAINNAME.COM.CRT is the public key, and 3_domainname.com.key is the private key. (File suffix CRT and CER are of the same nature)

Second, installation certificate

1. Modify the httpd.conf file under Apache.
(1) Open the httpd.conf file in the Conf directory under the Apache installation directory to find
#LoadModule Ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
(2) Delete the configuration statement comment symbol "#" at the beginning of the line and save the exit.
2. Modify the Apache Httpd-ssl file.
(1) Open the httpd-ssl.conf file in the Conf/extra directory under the Apache installation directory and look for the following configuration statement in the configuration file:
a). Sslcertificatefile/usr/local/apache/ssl/public.cer

(The server Certificate public key (2_DOMAINNAME.COM.CRT) is configured to the path, and the PUBLIC.CRT is replaced);

b). Sslcertificatekeyfile/usr/local/apache/ssl/private.key

(Configure the server Certificate private key (3_domainname.com.key) to this path, replacing Private.key);

c). #SSLCertificateChainFile/usr/local/apache/ssl/ca.cer

(Delete the "#" comment at the beginning of the line and configure the intermediate CA certificate (1_root_bundle. crt) to the path).

D) Add the following code to any location to specify the SSL encryption protocol

Sslprotocol All-sslv2-sslv3

Sslciphersuite aesgcm:all:! Dh:! export:! rc4:+high:! medium:! Low:!anull:!enull

(2) Save exit and restart Apache. Restart mode:
Go to the Bin directory under the Apache installation directory and run the following command
./apachectl-k Stop
./apachectl-k Start
Access your site over HTTPS to test the installation configuration of the site certificate.

three . Local testing
1. If the local test, do local resolution access: Open the system disk: \windows\system32\drivers\etc\hosts file, modified with a text editor, the certificate binding domain name resolution to the local IP.

2. Access the domain name of the https://+ certificate binding and test the results as follows:

Note: After deployment, if the website can not be accessed through HTTPS, you can confirm that the server 443 port is open or blocked by acceleration tools such as website defender.
(1) Open method: Firewall Settings-Exception port-add 443 port (TCP).
(2) If blocked by the Security or acceleration tool, you can add 443 to the trust list in the interception record.
After rebooting, re-access via HTTPS.

Four. Install Safety seal

The global trusted website Security seal is a dynamically displayed identity (including real time during website access), is not a static picture, is non-replicable and non-counterfeit and can only be used on certified websites. Click on the certification logo, you can display the site owner's certification information, otherwise, it is not legal use of the certification mark. At present, the certification seal to support the use of OV-level certificates, after you purchase the King Ann SSL certificate, will be free to have a visual display of your website certification information of the Trusted Website security certification logo, can greatly enhance the user's online trust, promote more online transactions. Therefore, it is recommended that you install a successful SSL certificate, immediately on the homepage and other pages of the site to add the following code to dynamically display the trusted Website security certification identity.

Install Chinese Seal

If you want to display the authentication logo on the Chinese page, add the following code to the Chinese page:

<script language= "JavaScript" type= "Text/javascript" src= "Https://seal.wosign.com/tws.js" ></SCRIPT>

Install English signature

If you want to display the authentication logo on the Chinese page, add the following code to the English page:

<script language= "JavaScript" type= "Text/javascript" src= "Https://seal.wosign.com/tws-en.js" ></script >

Five . Backup of SSL Certificates

Please save the received certificate compressed package file and password in case of loss.

Some answers to HTTPS questions