Translate site to https protocol


Lately, more fashion went on a secure (https) Protocol. Almost all the major resources are already passed onto him. Try and we get your site via https protocol.

Here the question arises of where to take the certificates:

1) generate their own (self-signed)

2) buy

3) generate free

The first paragraph is not necessary because the browser users will write "your connection is not protected by":
Failed to confirm that the server is "your site". The computer's operating system does not trust its security certificate.

The server may be configured incorrectly or someone trying to intercept your data.

The second option is needed for those who will use the Protocol for Commerce, or those who have a lot of extra money)

I chose option # 3. Googling found Office (https://startssl.com/), which issues certificates for free for a period of 1 year (then also you can iterate and relaunch).

Startssl.com registration

Open in browser address: https://startssl.com/SignUp

starssl_1
Here you can select the language Panel (currently 4 available languages).

Fill the form with your country and email and send verification code, which will come to your specified email address.

starssl_2

Enter the code you received, press the button, and the process of

starssl_3

then I see this window:

starssl_4

See the message that the certificate installed on your computer. Click the Login now button. And you should see the certificate selection dialog box:

starssl_5

If it does not appear it means that something went wrong, try then change your browser (although I did at Crome, Firefox, IE and it worked)

Once, login (incidentally better zabekapit′ certificate, in which case so that you can restore it:-)

Generation of certificates on startssl.com

So we decided to generate a certificate for the domain 984.ru. First, we need to confirm your ownership of the domain, click on the Validations Wizard

starssl_6

Choose Domain Validation

starssl_7

and click ' continue '

starssl_8

Enter the domain name and click ' continue '

starssl_9

choose what mailbox to send Verification Email and click Send Verification Code

starssl_10

The mail verification code comes, enter it in field Verification code and click Validation

In case of success, see:

starssl_11

Immediately can push the button-To Order an SSL Certificate "

In this step, enter the subdomain name (free is only 1), for example www.984.ru or mail.984.ru (depending on your needs)

starssl_12

as well as the need to enter the Certificate Signing Request (CSR)

For this there are three options:

  1. StartComTool.exe to generate the CSR-here you need to download the program and produce generation with its help.
  2. Generated by IE Browser to get. PFX format certificate generation using Internet Eksplojera.
  3. Generated by a PKI system (I chose this option), you must select and key length:
  • 2048 (Medium)
  • 4096 (High) (select it:-))

starssl_13

Enter your secret phrase Private key password: (and again below)-memorize it. Click Submit

The process goes: Is generating the private key, please waiting …

When the private key sgeneritsâ, a pop-up window to Download the private key

starssl_14

And offers you either copy or download the private key (ssl.key)-here you like:-)

When you have saved yourself this key, then click Submit peresprosât again you have saved the key whether you click Yes.

Then see a message stating that the certificate you ready

starssl_15
Click on "here" and download archive, which archives with certificates for different cases. If you click on the Certificate List, you will see a list of all your certificates (as well as their date of validity).
Do not forget to renew them on time in the future:-)

starssl_16

If you are after a domain validation long thought, then you will have to log in again, but then you can right click the Certificates Wizard and again issue the certificate.

To our private key from-BEGIN ENCRYPTED PRIVATE KEY-became-BEGIN RSA PRIVATE KEY-

  • can use the console command "openssl openssl rsa-in ssl.key-out ssl_984.key
  • or use a service on this website (https://startssl.com/ToolBox/DecryptPrivateKey)

there all just

starssl_17

kopipastim Enter Private Key, enter a password, click Decrypt and copy itself from the bottom of the key.

Now we need to install certificates on the server.

 

Installing certificates on the Web server

As I mentioned above in the archive with certificates (for now) 4 zip archive: ApacheServer.zip, IISServer.zip, NginxServer.zip, OtherServer.zip.

Choose depending on which server you use. I'm using Nginx, so take NginxServer.zip, raspakovyvaû it.

Copy our private key on the server (here depends on what control panel do you use).

For example, I placed the certificate and private key in the folder/etc/nginx/ssl

Left to write this thing in nginx config like this:
SSL on;
ssl_certificate/etc/nginx/ssl/1_www.984.ru_bundle.crt;
ssl_certificate_key/etc/nginx/ssl/ssl_984.key;
ssl_protocols TLSv1 TLSv1.1 TLSv 1.2;
ssl_ciphers ALL:! DH:! Export:! Rc4: + HIGH: + MEDIUM:! LOW:! aNULL:! eNULL;

Save config, check its

Service nginx configtest

If everything is OK, then reload

Service nginx reload

can try open in browser our site through the protected Protocol:-)

Leave a comment

Your email address will not be published. Required fields are marked *