Difference between revisions of "TLS Certificates Primer"
(→Prerequisites) |
(→Prepare certificates for use) |
||
| Line 10: | Line 10: | ||
== Prepare certificates for use == | == Prepare certificates for use == | ||
| − | Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for | + | Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for DigiCert: |
| − | cat xw_is.crt | + | cat xw_is.crt DigiCertCA.crt TrustedRoot.crt >../xw.is.crt |
== Configure your web server == | == Configure your web server == | ||
Latest revision as of 12:31, 1 August 2023
Prerequisites
You will need to generate a private key, and a certificate signing request.
DOMAIN=xw.is openssl req -new -newkey rsa:2048 -nodes -keyout $DOMAIN.key -out $DOMAIN.csr
Send xw.is.csr to your certificate vendor and follow the instructions.
Prepare certificates for use
Your certificate vendor will give you a bunch of files. You need to concatenate them in order to use them in your web server. Order is essential. For example, for DigiCert:
cat xw_is.crt DigiCertCA.crt TrustedRoot.crt >../xw.is.crt
Configure your web server
Use xw.is.key and xw.is.crt in your web server. For example for nginx add this to your server block:
worker_processes 1;
events {
worker_connections 1024;
}
http {
server {
listen 443;
server_name xw.is;
ssl on;
ssl_certificate /tank/nginx/tls/xw.is.crt;
ssl_certificate_key /tank/nginx/tls/xw.is.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
}
}
