Digital certificates applied for through Certificate Service can be configured into various web service containers in the usual way, but some digital certificates come with certificate chains. When configuring in apache, you need to pay attention to the following:
1. Check your Does the digital certificate have a certificate chain? Use a text editor to open your digital certificate (for example: mycert.pem). If there is the following information (there are three BEGIN CERTIFICATE paragraphs):
-----BEGIN CERTIFICATE----- xxxxx...... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- xxxxx...... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- xxxxx...... -----END CERTIFICATE-----
Then it means that your digital certificate is an inclusive certificate. chain.
2. Separate the certificate chainYou need to open the digital certificate with a text editor and copy the last two paragraphs of certificate information (the last two paragraphs -----BEGIN CERTIFICATE-----) to new text , save as
mycert_chain.crt。
and change the name of the original certificate file to mycert.crt, so that you have two files, namely the original certificate file mycert.crt and the certificate chain file
mycert_chain.crt。
4. Configure apache
Configure in the apache configuration file:
.
..... SSLEngine On SSLCertificateFile conf/ssl.crt/mycert.crt SSLCertificateKeyFile conf/ssl.key/mycert.key SSLCertificateChainFile conf/ssl.crt/mycert_chain.crt......
.
https uses SSL encryption to communicate.
In Nginx, if you need to configure an HTTPS site, you need to open the module in the server configuration block and specify the location of the server-side certificate and key files. The important configuration is as follows:
server { listen 443; server_name www.aliyun-test.com; ssl on; ssl_certificate /usr/local/nginx/conf/www.aliyun-test.com.pem; ssl_certificate_key /usr/local/nginx/conf/www.aliyun-test.com.key; #以上三行为必须,在原配置中加上这三行即可,新版本的Nginx中ssl_protocols与ssl_ciphers不是必须 ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ... }
By default, "ssl_protocols SSLv3 TLSv1" and " ssl_ciphers HIGH:!aNULL:!MD5", so configuring them only made sense in previous versions. Starting from versions 1.1.13 and 1.0.12, Nginx uses "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2" by default.
The above introduces how to configure apache and nginx after purchasing the Alibaba Cloud CA certificate, including relevant content. For more related content, please pay attention to the PHP Chinese website (m.sbmmt.com)!