After purchasing the Alibaba Cloud CA certificate, how to configure apache and nginx-PHP Tutorial-php.cn

After purchasing the Alibaba Cloud CA certificate, how to configure apache and nginx

PHP中文网

Release： 2016-07-28 08:26:52

Original

1181 people have browsed it

How do I configure the digital certificate I obtained in my own Apache?

Digital certificates applied for through Certificate Service can be configured into various web service containers in the usual way, but some digital certificates come with certificate chains. When configuring in apache, you need to pay attention to the following:

1. Check your Does the digital certificate have a certificate chain? Use a text editor to open your digital certificate (for example: mycert.pem). If there is the following information (there are three BEGIN CERTIFICATE paragraphs):

-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----
 
-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----
 
-----BEGIN CERTIFICATE-----
xxxxx......
-----END CERTIFICATE-----

Copy after login

Then it means that your digital certificate is an inclusive certificate. chain.

2. Separate the certificate chain

You need to open the digital certificate with a text editor and copy the last two paragraphs of certificate information (the last two paragraphs -----BEGIN CERTIFICATE-----) to new text , save as

mycert_chain.crt。

Copy after login

3. Modify the file name

and change the name of the original certificate file to mycert.crt, so that you have two files, namely the original certificate file mycert.crt and the certificate chain file

mycert_chain.crt。

Copy after login

4. Configure apache

Configure in the apache configuration file:

.....
SSLEngine On SSLCertificateFile conf/ssl.crt/mycert.crt SSLCertificateKeyFile conf/ssl.key/mycert.key SSLCertificateChainFile conf/ssl.crt/mycert_chain.crt......

Copy after login

Configuration instructions for https in ECS Nginx

https uses SSL encryption to communicate.

In Nginx, if you need to configure an HTTPS site, you need to open the module in the server configuration block and specify the location of the server-side certificate and key files. The important configuration is as follows:

server {    
listen              
443;    
server_name         
www.aliyun-test.com;   
ssl                 
on;
  ssl_certificate     /usr/local/nginx/conf/www.aliyun-test.com.pem;
ssl_certificate_key /usr/local/nginx/conf/www.aliyun-test.com.key;
       #以上三行为必须，在原配置中加上这三行即可，新版本的Nginx中ssl_protocols与ssl_ciphers不是必须
    
    ssl_protocols       
    SSLv3 TLSv1 TLSv1.1 TLSv1.2;    
    ssl_ciphers        
     HIGH:!aNULL:!MD5;    
     ...
     }

Copy after login

By default, "ssl_protocols SSLv3 TLSv1" and " ssl_ciphers HIGH:!aNULL:!MD5", so configuring them only made sense in previous versions. Starting from versions 1.1.13 and 1.0.12, Nginx uses "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2" by default.

The above introduces how to configure apache and nginx after purchasing the Alibaba Cloud CA certificate, including relevant content. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!