Hello HTTPS

Hello, It’s takeken.

Finally, I try change http to https. I use Nginx and trouble a little, but I’m able to be completed! For nginx prepare a private key to Nginx Path.

How to create CSR

Let’s create a rand.dat

# /usr/bin/openssl md5 * > key/rand.dat

Using the rand.dat, and create a Private key.
In the case of Nginx, Key phrases don’t setup.

# /usr/bin/openssl genrsa -rand key/rand.dat -des3 2048 > key/serverkey.pem
# cp key/serverkey.pem key/serverkey.pem.org
# /usr/bin/openssl rsa -in key/serverkey.pem.org -out key/serverkey.pem

It’ll generate a CSR with Private key.

# /usr/bin/openssl req -new -key key/serverkey.pem -out csr/vincentina.pem

Well, Where do you try to SSL.
I apply for a rapid SSL from Sakura Internet because I’ve been using Sakura Cloud.
It’s during a discount campaign now. I thought that it was over, but It has still continued.
Sakura Internet campaign page

After a while, after end of application is received mail from Sakura Internet.

Let’s upload “FQDN/key” 

You have done work of above and you wait a moment, so that it’s received a certificate. In the case of Nginx, Certificate and CA certificate a need to be in one.
Like this.

-----BEGIN CERTIFICATE-----
Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate
-----END CERTIFICATE-----

And then, we must set up ssl.conf.
I was created by adding both reverse proxy and HHVM setting to SampleSSL.conf file.

 /etc/nginx/conf.d/example_ssl.conf

It seems no problem.
It was a response speed of website I was worried, but it doesn’t feel to be slow.
Great!

It’s the finishing.

I was set the redirection in ssl.conf of Nginx , and write URL setting as https of WordPress.
Caution: You remember release 443 port iptables!!!

"nginx.conf"
return 301 https://$host$request_uri;

"iptables"
-A INPUT -p tcp --dport 443 -j ACCEPT
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https

How was it?
Have a good day!

These are references.

server-world

geotrust support site

Sakura Internet support site

Similar Posts:


Leave a Reply

Your email address will not be published. Required fields are marked *