Aram's Wiki β

TLS Certificates Primer

1,187 bytes added, 12:49, 7 June 2018
Created page with "== Prerequisites == You will need to generate a private key, and a certificate signing request. DOMAIN=xw.is openssl genrsa -rand -genkey -out $DOMAIN.key 2048 openssl re..."
== Prerequisites ==

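You will need to generate a private key and a certificate signing request (CSR).

 DOMAIN=xw.is
 # Generate a 2048-bit RSA private key; keep this file secret
 openssl genrsa -out "$DOMAIN.key" 2048
 # Create a certificate signing request for that key
 openssl req -new -key "$DOMAIN.key" -out "$DOMAIN.csr"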

Send ''xw.is.csr'' to your certificate vendor and follow the instructions.

== Prepare certificates for use ==

Your certificate vendor will give you several files. You need to concatenate them into a single file in order to use them in your web server. Order is essential: your own certificate comes first, followed by the intermediate certificates. For example, for Comodo:

 cat xw_is.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >../xw.is.crt
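
A way to check the key and the concatenated file before pointing the web server at them. This is an added example, not part of the original page; the function names ''check_bundle'' and ''make_demo_chain'' and the demo certificate names are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a private key and a concatenated certificate bundle.

# check_bundle KEY BUNDLE -> returns 0 if the bundle is usable with KEY, 1 otherwise.
check_bundle() {
    key=$1; bundle=$2
    tmp=$(mktemp -d) || return 1
    # Split the bundle into cert1.pem, cert2.pem, ... in file order.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }' "$bundle"
    rc=0
    if [ ! -s "$tmp/cert1.pem" ]; then
        echo "no certificates found in $bundle"; rc=1
    else
        # The first certificate must carry the public key of our private key.
        kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        cpub=$(openssl x509 -in "$tmp/cert1.pem" -noout -pubkey 2>/dev/null)
        if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
            echo "first certificate does not match $key"; rc=1
        fi
    fi
    # Each certificate must be issued by the one that follows it in the file.
    i=1
    while [ "$rc" -eq 0 ] && [ -s "$tmp/cert$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject_hash)
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $((i + 1)) is not the issuer of certificate $i"; rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed test data: throwaway root -> intermediate -> leaf chain written to DIR.
make_demo_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    for pair in "int:root:Demo Intermediate" "leaf:int:demo.example"; do
        name=${pair%%:*}; rest=${pair#*:}; ca=${rest%%:*}; cn=${rest#*:}
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$name.csr" -days 1 -CA "$d/$ca.crt" \
            -CAkey "$d/$ca.key" -CAcreateserial -out "$d/$name.crt" 2>/dev/null || return 1
    done
}

# Usage: sh check.sh xw.is.key xw.is.crt
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

The check only compares public keys and issuer/subject names; it does not validate signatures or expiry dates.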

== Configure your web server ==

Use xw.is.key and xw.is.crt in your web server. For example, a minimal nginx configuration:

 worker_processes 1;
 
 events {
     worker_connections 1024;
 }
 
 http {
     server {
         # "ssl" on the listen directive replaces the deprecated "ssl on;"
         listen 443 ssl;
         server_name xw.is;
 
         # Concatenated certificate chain and the matching private key
         ssl_certificate /tank/nginx/tls/xw.is.crt;
         ssl_certificate_key /tank/nginx/tls/xw.is.key;
         ssl_session_cache shared:SSL:1m;
         ssl_session_timeout 5m;
 
         ssl_ciphers HIGH:!aNULL:!MD5;
         ssl_prefer_server_ciphers on;
 
         location / {
             root /usr/local/www/nginx;
             index index.html index.htm;
         }
     }
 }