Aram Hăvărneanu 2018 6 7 2023 8 1 2025 7 23 https://xw.is/001I/ 001I /001I/ Miscellaneous › TLS Certificates Primer Aram Hăvărneanu 2018 6 7 2023 8 1 2025 7 23 Prerequisites You will need to generate a private key and a certificate signing request. DOMAIN=xw.is openssl req -new -newkey rsa:2048 -nodes -keyout $DOMAIN.key -out $DOMAIN.csr Send xw.is.csr to your certificate vendor and follow the instructions. Aram Hăvărneanu 2018 6 7 2023 8 1 2025 7 23 Prepare certificates for use Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for DigiCert: cat xw_is.crt DigiCertCA.crt TrustedRoot.crt >xw.is.crt Aram Hăvărneanu 2018 6 7 2023 8 1 2025 7 23 Configure your web server Use xw.is.key and xw.is.crt in your web server. For example for nginx add this to your server block: worker_processes 1; events { worker_connections 1024; } http { server { listen 443; server_name xw.is; ssl on; ssl_certificate /tank/nginx/tls/xw.is.crt; ssl_certificate_key /tank/nginx/tls/xw.is.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /usr/local/www/nginx; index index.html index.htm; } } } Aram Hăvărneanu 2018 6 7 2023 8 1 2025 7 23 Alternatives Alternativelly, you might want to use Let's Encrypt. References Context Backlinks Related Contributions