Difference between revisions of "TLS Certificates Primer"
(Created page with "== Prerequisites == You will need to generate a private key, and a certificate signing request. DOMAIN=xw.is openssl genrsa -rand -genkey -out $DOMAIN.key 2048 openssl re...") |
(No difference)
|
Revision as of 12:49, 7 June 2018
Prerequisites
You will need to generate a private key, and a certificate signing request.
DOMAIN=xw.is openssl genrsa -rand -genkey -out $DOMAIN.key 2048 openssl req -new -key $DOMAIN.key -out $DOMAIN.csr
Send xw.is.csr to your certificate vendor and follow the instructions.
Prepare certificates for use
Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for Comodo:
cat xw_is.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >../xw.is.crt
Configure your web server
Use xw.is.key and xw.is.crt in your web server. For example for nginx add this to your server block:
worker_processes 1; events { worker_connections 1024; } http { server { listen 443; server_name xw.is; ssl on; ssl_certificate /tank/nginx/tls/xw.is.crt; ssl_certificate_key /tank/nginx/tls/xw.is.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 5m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /usr/local/www/nginx; index index.html index.htm; } } }