Home > Backend Development > PHP Tutorial > After purchasing the Alibaba Cloud CA certificate, how to configure apache and nginx

After purchasing the Alibaba Cloud CA certificate, how to configure apache and nginx

PHP中文网
Release: 2016-07-28 08:26:52
Original
1187 people have browsed it

How do I configure the digital certificate I obtained in my own Apache?

Digital certificates applied for through Certificate Service can be configured into various web service containers in the usual way, but some digital certificates come with certificate chains. When configuring in apache, you need to pay attention to the following:

1. Check your Does the digital certificate have a certificate chain? Use a text editor to open your digital certificate (for example: mycert.pem). If there is the following information (there are three BEGIN CERTIFICATE paragraphs):

-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----
 
-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----
 
-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----
Copy after login

Then it means that your digital certificate is an inclusive certificate. chain.

2. Separate the certificate chain

You need to open the digital certificate with a text editor and copy the last two paragraphs of certificate information (the last two paragraphs -----BEGIN CERTIFICATE-----) to new text , save as

mycert_chain.crt。
Copy after login
Copy after login

3. Modify the file name

and change the name of the original certificate file to mycert.crt, so that you have two files, namely the original certificate file mycert.crt and the certificate chain file

mycert_chain.crt。
Copy after login
Copy after login

4. Configure apache

Configure in the apache configuration file:

.

.....
SSLEngine On SSLCertificateFile conf/ssl.crt/mycert.crt SSLCertificateKeyFile conf/ssl.key/mycert.key SSLCertificateChainFile conf/ssl.crt/mycert_chain.crt......
Copy after login


.


Configuration instructions for https in ECS Nginx

https uses SSL encryption to communicate.

In Nginx, if you need to configure an HTTPS site, you need to open the module in the server configuration block and specify the location of the server-side certificate and key files. The important configuration is as follows:

server {    
listen              
443;    
server_name         
www.aliyun-test.com;   
ssl                 
on;
  ssl_certificate     /usr/local/nginx/conf/www.aliyun-test.com.pem;
ssl_certificate_key /usr/local/nginx/conf/www.aliyun-test.com.key;
       #以上三行为必须,在原配置中加上这三行即可,新版本的Nginx中ssl_protocols与ssl_ciphers不是必须
    
    ssl_protocols       
    SSLv3 TLSv1 TLSv1.1 TLSv1.2;    
    ssl_ciphers        
     HIGH:!aNULL:!MD5;    
     ...
     }
Copy after login

By default, "ssl_protocols SSLv3 TLSv1" and " ssl_ciphers HIGH:!aNULL:!MD5", so configuring them only made sense in previous versions. Starting from versions 1.1.13 and 1.0.12, Nginx uses "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2" by default.

The above introduces how to configure apache and nginx after purchasing the Alibaba Cloud CA certificate, including relevant content. For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template