commente D out to leave a V1 CRLCRL = $dir/crl.pem # The current CRLPrivate_key = $dir/private/cakey.pem# the private keyRandfile = $dir/private/.rand # private random number file[Req_distinguished_name]CountryName = Country Name (2 letter code)Countryname_default = CNCountryname_min = 2Countryname_max = 2Stateorprovincename = State or province name (full name)Stateorprovincename_default = FJLocalityname = locality Name (eg, city)Localityname_default = FZ0.organizationName = Organization Name (
= $dir/crl.pem # the Current CRL Private_key = $dir/private/cakey.pem# the private key randfile = $dir/private/.rand # private Random Numbe R file [req_distinguished_name] countryname = Country name (2 letter code) Countryname_default = CN Countrynam E_min = 2 Countryname_max = 2 Stateorprovincename = State or province name (full Name) stateorprovincename_d Efault = FJ LocaLityname = locality name (eg, city) Localityname_default = FZ 0.organizationName = Organization name (eg, compa NY) 0.organ
Official reference documentation, including the SSL configuration for Apache, Nginx, and IIS:http://www.wosign.com/Docdownload/Instance one, configure HTTP to forward to HTTPS, a virtual host has two servers, some content use * * insteadNGX01 (10.66.**.**), Ngx02 (10.66.**.**)1, add the Sslkey folder in/etc/nginx, import the
. Free, 2. Although there is a validity period of 3 months, it can be automatically updated through scripts. 3. You do not have to register any account on the website of the other party. All the processes are done on the local machine.2. Environment
1. This article uses centos 7.2.1511 and kernel version 3.10.0;2. nginx has been installed. The version is nginx version:
, assuming your domain name is
Then, the concatenation command is
cat example_com.crt COMODORSADOMAINVALIDATIONSECURESERVERCA.CRT COMODORSAADDTRUSTCA.CRT addtrustexternalcaroot.crt > EXAMPLE_COM.SIGNED.CRT
Using Example_ in Nginx configuration COM.SIGNED.CRT
done at once. Download the script from here:
Run the script, assuming your domain name is www.test.com, then follow the prompts to enter:
Enter your domain [www.example.com]: www.test.com
Create server key
... Generating RSA private key, the 1024x768 bit long modulus ... ++++++ ....
e is 65537 (0x10001)------ C6/>enter Pass phrase for Www.test
above steps are cumbersome, so I made a shell script that can be done at once. Download the script from here:
Run the script, assuming that your domain name is www.test.com, then follow the prompts to enter:
Enter your domain [www.example.com]: www.test.com
Create server key ...
Generating RSA private key, 1024 bit long modulus ... ...
the script. If your domain name is www.111cn.net, follow the prompts to enter:$. /Gencert. sh Enter your domain [www.example.com]: www.111cn.net Create server key... generating RSA private key, 1024 bit long modulus ................. ++ ..... ++ e is 65537 (0x10001) Enter pass phrase for www.111cn.net. key: Enter the password Verifying-Enter pass phrase for www.111cn.net. key: enter the password Create server certificate signing request... enter pass
;return to Https://example.com$request_uri;}
Four, reliable Third-party SSL issuing agency
As we all know, some NIC agencies have burst into a scandal over the issuance of certificates for Google domain names, so it is important to select a reliable Third-party SSL issuer.
At present, the general market for small and medium-sized owners and enterprises of the SSL
1. Configure the SSL module for nginx
Nginx does not have an SSL module by default, while nginx 0.7.63 is installed in my VPs by default. The following describes how to upgrade nginx to 0.7.64 and configure the
Vincent. Windows Nginx Configuration SSL for HTTPS access (including certificate generation)Windows Nginx configuration SSL for HTTPS access (includes certificate generation)The first step is to explain why HTTPS is implemented.HT
Https is also an ssl certificate. We generally think that https is secure, but the credit chain system of the SSL certificate is not secure. In particular, man-in-the-middle attacks are equally feasible in some countries where you can control CA root certificates. In addition, when the client is implanted with countles
that, under the new Google search algorithm, the weight of the web page processed by "HTTPS" (HyperText Transfer security protocol)-adding an SSL security certificate to the web page will be improved, the weight of web pages that continue to adopt HTTP (Hypertext Transfer Protocol) will be relatively reduced. Therefore, this article mainly records how to add an ssl
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
and provide relevant evidence. A staff member will contact you within 5 working days.