installation method, the old Chiang has not yet used to win the VPS server, in the future if there is contact to win the deployment of the server, can be shared separately.
V. Trustasia DV SSL certificate request and summary
1, Tencent Cloud provides a free 1-year DV SSL certificate application is relatively simple, about 10 minutes can b
.
If this process in turn, let the server trust the client, the server uses the client's public key encryption after the data back to the client, in fact, it can be done, the principle and implementation are similar to one-way authentication.
Server-side Trust client operations are often accompanied by the client authentication service side process, so that the server trust client SSL authentication method is often referred to as
, HTTP access is redirected to HTTPS.
The main structure diagram described in this article is as follows:
The client accesses the Nginx domain name zhyongfeng.com, then performs load balancing on Nginx, and returns the https response. Shows the WepApi microservice architecture of the SSL Certificate of the Nginx cluste
directly first with the domain name with DNS.
Third, let ' s encrypt free SSL certificate acquisition and application
After we complete the generation of Let's encrypt certificate, we will have 4 files in the "/etc/letsencrypt/live/laozuo.org/" domain name directory that are the generated key certificate files.
Cert.pem-apache Server-Side CertificateChain.pem-apache root certificate and relay certificateSs
the website says 1M can store about 4,000 sessions. Refer to the question and answer ssl_session_cache on serverfault in detail.
Ssl_session_timeout: The client can reuse the expiration time of the SSL parameter in the session cache, the intranet system defaults to 5 minutes is too short, can be set to 30m, 30 minutes or even 4h.
Setting longer keepalive_timeout can also reduce the cost of requesting SSL
Environment Introduction
1.nginx Server: 10.10.54.157
2. Configure the Nginx server, and when you hear from the client www.zijian.com:80 request, go to 10.10.54.150:1500 on this Web server
3. Configure Nginx server to support SSL encrypted transport protocol
Generate the required certificate file for
./letsencrypt-auto certonly --standalone --email admin@***.com -d ***.com -d www.***.com
Then execute the above script. We need to replace the domain name with the one we need to deploy based on the actual site conditions.
I use the nginx proxy server.
Pay attention: If nginx cannot generate a certificate when it is started, disable nginx and execute the above sc
free tool automatically deployed to the VPS server, as well as the Cpanel panel virtual host. In this article, the old left is ready to share the Encrypt certificate process using the Certbot tool to deploy the Let ' s.
First, Certbot official website and select deployment version
The code is as follows
Copy Code
Website address: https://certbot.eff.org
Here we can
for:obtain an SSL certificateIn order to serve BigBlueButton through HTTPS, you need to a valid SSL certificate. A domain validated (sometimes called "Class 1") certificate with a 2048 bit RSA key and SHA-256 checksum are the current re commended minimum, and it should be sufficient.There is a number of providers that is could obtain a certificate from. Many domain name Sales companies also offer certifica
/xxx_com.CRT; Ssl_certificate_key/var/www/conf/server.Key;} server {Listen80; server_name xxx. com www.xxx.com; Rewrite^ (. *) https://$server _name$1 Permanent;}4. How the certificate is permanently valid, the first to buy commercial authorization, hundreds of knives a year, the second kind of free, short timehttps://www.startssl.com/go to this website to register an account, and then verify the certificate of the domain name you want to generateClic
certificate configuration, using Api.bz_nopass.key, in the boot Nginx is not required to enter the SSL certificate password, and use Api.bz.key need to enter the password:
Referencing the server{server_name sms.api.bz;Listen 443;Index index.html index.htm index.php;root/data0/htdocs/api.bz;SSL on;Ssl_certificate API.BZ.CRT;Ssl_certificate_key Api.bz_nopass.key;.
Earlier this year Baidu search has been fully implemented HTTPS mode, and claimed to have been able to crawl HTTPS Web page, compared to Google has already supported the capture of HTTPS in the early years, although Baidu is a bit late, but now still has, but also some people discuss about HTTPS mode baidu Google seo impact, Although no one has given the actual test data, but Baidu Total station HTTPS mode can more or less explain Baidu's current attitude to the HTTPS site! And then cut to the p
1, Nginx configuration SSL ModuleThe default nginx is no SSL module, and my VPS is installed by default Nginx 0.7.63, incidentally, the Nginx upgrade to 0.7.64 and configure the SSL mod
Waotong free SSL Certificate
Search Baidu for "use OpenSSL to generate Certificates". Baidu found about 74,500 related results for you. Are there so many people looking for free SSL certificates and using OpenSSL to generate self-signed certificates?
Waotong's online promotion should be enhanced! How many webmasters se
)
③ Modify nginx Configuration
Listen 443;SERVER_NAME Zou. Lu;Index index.html index.htm index. php;Root/home/zoulu;Error_page 404 403 http://zou.lu;
SSL on;Ssl_certificate/root/zoulu/zou_lu.crt;Ssl_certificate_key/root/zoulu/zoulukey. pem;
Other configuration information is the same as that of a common site.Iv. Access test results
In Firefox English version/Chrome/Opera/Safari/IE 6, 7, 8 under all
Search Baidu for "use OpenSSL to generate Certificates". Baidu found about 74,500 related results for you. Are there so many people looking for free SSL certificates and using OpenSSL to generate self-signed certificates?
Waotong's online promotion should be enhanced! How many webmasters search for her in the crowd, how many night lights to stand up...
Waotong free
Search Baidu for "use OpenSSL to generate Certificates". Baidu found about 74,500 related results for you. Are there so many people looking for free SSL certificates and using OpenSSL to generate self-signed certificates?
Waotong's online promotion should be enhanced! How many webmasters search for her in the crowd, how many night lights to stand up...
Waotong free
open it directly with Notepad, and then copy all the contents of the POSITIVESSLCA.CRT to the bottom of the zou_lu.crt.
(Source: http://www.lsproc.com/blog/nginx_ssl_config/)
③, modifying Nginx configuration
Listen 443;
server_name zou.lu;
Index index.html index.htm index.php;
Root/home/zoulu;
Error_page 404 403 http://zou.lu;
SSL on;
SSL_CERTIFICATE/ROOT/ZOULU/ZOU_LU.CRT;
SSL_CERTIFICATE_KEY/ROOT/ZOUL
Free SSL certificate, https://www.startssl.com/Installing to IIS differs from Nginx. Original http://blog.newnaw.com/?p=1232------------Transferred from http://blog.newnaw.com/?p=1232-----------------------Key part RedIf a Web site needs to provide HTTPS encrypted access, you must have a valid SSL certificate to prove
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.