Lately, more fashion went on a secure (https) Protocol. Almost all the major resources are already passed onto him. Try and we get your site via https protocol.
Here the question arises of where to take the certificates:
1) generate their own (self-signed)
3) generate free
The first paragraph is not necessary because the browser users will write "your connection is not protected by":
Failed to confirm that the server is "your site". The computer's operating system does not trust its security certificate.
The server may be configured incorrectly or someone trying to intercept your data.
The second option is needed for those who will use the Protocol for Commerce, or those who have a lot of extra money)
I chose option # 3. Googling found Office (https://startssl.com/), which issues certificates for free for a period of 1 year (then also you can iterate and relaunch).
Open in browser address: https://startssl.com/SignUp
Fill the form with your country and email and send verification code, which will come to your specified email address.
Enter the code you received, press the button, and the process of
then I see this window:
See the message that the certificate installed on your computer. Click the Login now button. And you should see the certificate selection dialog box:
If it does not appear it means that something went wrong, try then change your browser (although I did at Crome, Firefox, IE and it worked)
Once, login (incidentally better zabekapit′ certificate, in which case so that you can restore it:-)
Generation of certificates on startssl.com
So we decided to generate a certificate for the domain 984.ru. First, we need to confirm your ownership of the domain, click on the Validations Wizard
Choose Domain Validation
and click ' continue '
Enter the domain name and click ' continue '
choose what mailbox to send Verification Email and click Send Verification Code
The mail verification code comes, enter it in field Verification code and click Validation
In case of success, see:
Immediately can push the button-To Order an SSL Certificate "
In this step, enter the subdomain name (free is only 1), for example www.984.ru or mail.984.ru (depending on your needs)
as well as the need to enter the Certificate Signing Request (CSR)
For this there are three options:
- StartComTool.exe to generate the CSR-here you need to download the program and produce generation with its help.
- Generated by IE Browser to get. PFX format certificate generation using Internet Eksplojera.
- Generated by a PKI system (I chose this option), you must select and key length:
- 2048 (Medium)
- 4096 (High) (select it:-))
Enter your secret phrase Private key password: (and again below)-memorize it. Click Submit
The process goes: Is generating the private key, please waiting …
When the private key sgeneritsâ, a pop-up window to Download the private key
And offers you either copy or download the private key (ssl.key)-here you like:-)
When you have saved yourself this key, then click Submit peresprosât again you have saved the key whether you click Yes.
Then see a message stating that the certificate you ready
Click on "here" and download archive, which archives with certificates for different cases. If you click on the Certificate List, you will see a list of all your certificates (as well as their date of validity).
Do not forget to renew them on time in the future:-)
If you are after a domain validation long thought, then you will have to log in again, but then you can right click the Certificates Wizard and again issue the certificate.
To our private key from-BEGIN ENCRYPTED PRIVATE KEY-became-BEGIN RSA PRIVATE KEY-
- can use the console command "openssl openssl rsa-in ssl.key-out ssl_984.key
- or use a service on this website (https://startssl.com/ToolBox/DecryptPrivateKey)
there all just
kopipastim Enter Private Key, enter a password, click Decrypt and copy itself from the bottom of the key.
Now we need to install certificates on the server.
Installing certificates on the Web server
As I mentioned above in the archive with certificates (for now) 4 zip archive: ApacheServer.zip, IISServer.zip, NginxServer.zip, OtherServer.zip.
Choose depending on which server you use. I'm using Nginx, so take NginxServer.zip, raspakovyvaû it.
Copy our private key on the server (here depends on what control panel do you use).
For example, I placed the certificate and private key in the folder/etc/nginx/ssl
Left to write this thing in nginx config like this:
ssl_protocols TLSv1 TLSv1.1 TLSv 1.2;
ssl_ciphers ALL:! DH:! Export:! Rc4: + HIGH: + MEDIUM:! LOW:! aNULL:! eNULL;
Save config, check its
Service nginx configtest
If everything is OK, then reload
Service nginx reload
can try open in browser our site through the protected Protocol:-)