Translate site to https protocol

Lately, more fashion went on a secure (https) Protocol. Almost all the major resources are already passed onto him. Try and we get your site via https protocol.

Here the question arises of where to take the certificates:

1) generate their own (self-signed)

2) buy

3) generate free

The first paragraph is not necessary because the browser users will write "your connection is not protected by":
Failed to confirm that the server is "your site". The computer's operating system does not trust its security certificate.

The server may be configured incorrectly or someone trying to intercept your data.

The second option is needed for those who will use the Protocol for Commerce, or those who have a lot of extra money)

I chose option # 3. Googling found Office (, which issues certificates for free for a period of 1 year (then also you can iterate and relaunch). registration

Open in browser address:

Here you can select the language Panel (currently 4 available languages).

Fill the form with your country and email and send verification code, which will come to your specified email address.


Enter the code you received, press the button, and the process of


then I see this window:


See the message that the certificate installed on your computer. Click the Login now button. And you should see the certificate selection dialog box:


If it does not appear it means that something went wrong, try then change your browser (although I did at Crome, Firefox, IE and it worked)

Once, login (incidentally better zabekapit′ certificate, in which case so that you can restore it:-)

Generation of certificates on

So we decided to generate a certificate for the domain First, we need to confirm your ownership of the domain, click on the Validations Wizard


Choose Domain Validation


and click ' continue '


Enter the domain name and click ' continue '


choose what mailbox to send Verification Email and click Send Verification Code


The mail verification code comes, enter it in field Verification code and click Validation

In case of success, see:


Immediately can push the button-To Order an SSL Certificate "

In this step, enter the subdomain name (free is only 1), for example or (depending on your needs)


as well as the need to enter the Certificate Signing Request (CSR)

For this there are three options:

  1. StartComTool.exe to generate the CSR-here you need to download the program and produce generation with its help.
  2. Generated by IE Browser to get. PFX format certificate generation using Internet Eksplojera.
  3. Generated by a PKI system (I chose this option), you must select and key length:
  • 2048 (Medium)
  • 4096 (High) (select it:-))


Enter your secret phrase Private key password: (and again below)-memorize it. Click Submit

The process goes: Is generating the private key, please waiting …

When the private key sgeneritsâ, a pop-up window to Download the private key


And offers you either copy or download the private key (ssl.key)-here you like:-)

When you have saved yourself this key, then click Submit peresprosât again you have saved the key whether you click Yes.

Then see a message stating that the certificate you ready

Click on "here" and download archive, which archives with certificates for different cases. If you click on the Certificate List, you will see a list of all your certificates (as well as their date of validity).
Do not forget to renew them on time in the future:-)


If you are after a domain validation long thought, then you will have to log in again, but then you can right click the Certificates Wizard and again issue the certificate.


  • can use the console command "openssl openssl rsa-in ssl.key-out ssl_984.key
  • or use a service on this website (

there all just


kopipastim Enter Private Key, enter a password, click Decrypt and copy itself from the bottom of the key.

Now we need to install certificates on the server.


Installing certificates on the Web server

As I mentioned above in the archive with certificates (for now) 4 zip archive:,,,

Choose depending on which server you use. I'm using Nginx, so take, raspakovyvaû it.

Copy our private key on the server (here depends on what control panel do you use).

For example, I placed the certificate and private key in the folder/etc/nginx/ssl

Left to write this thing in nginx config like this:
SSL on;
ssl_protocols TLSv1 TLSv1.1 TLSv 1.2;
ssl_ciphers ALL:! DH:! Export:! Rc4: + HIGH: + MEDIUM:! LOW:! aNULL:! eNULL;

Save config, check its

Service nginx configtest

If everything is OK, then reload

Service nginx reload

can try open in browser our site through the protected Protocol:-)

Leave a comment

Your email address will not be published. Required fields are marked *