Author: Calf < https://www.calf.one >
HTTPS will be a mainstream website protocol. As a fellow traveller and diao, I love a free lunch, so I found StartSSL's free SSL. The official website is: https://www.startssl.com/
- Select “Start Now for Free SSL Certificate”.
- New users select “Sign up”.
- Select your country, input your email address, then click Send verification code; the system will send you a verification code.
- Copy the verification code into the StartSSL dialog and click Verification. StartSSL will install the browser certificate.
- Then choose a certificate: “Click here to choose your certificate.”
- Select “Web Server SSL/TLS Certificate” -> “Continue”.
- Click “Domain Validation”.
- Input your domain -> “Continue”.
- StartSSL will check the email address you used when you registered the domain. Select one -> “Send Verification Code”, go to your mailbox, and copy the verification code into the web dialog -> “Validation”.
- Go to “Order SSL Certificate”.
- In the “Validated domain(s)” list, input your subdomains. *.domain.com is not supported, and the maximum number of domains is 5.
- Now create the private key: SSH into the Linux host and run the command: openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr
  At “Enter PEM pass phrase:”, input a password.
- Enter the information requested:
[email protected]:/home/calf# openssl req -newkey rsa:2048 -keyout calf.key -out calf.csr
Generating a 2048 bit RSA private key
..+++
........................................+++
writing new private key to 'calf.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:CN #Country
State or Province Name (full name) [Some-State]:GuangDong #Province
Locality Name (eg, city) []:ShenZhen #City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Calf Blog
Organizational Unit Name (eg, section) []:Calf Blog
Common Name (e.g. server FQDN or YOUR name) []:Calf
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Calf.one
An optional company name []:
- Then it will create two files in my folder: calf.key and calf.csr. Open calf.csr and copy the content into the StartSSL web dialog -> “Submit”.
- StartSSL will create the certificates. Click “please click here” to download them.
- We will get a zip file containing certificates for different servers. My server is Apache, so uncompress the Apache archive (1_root_bundle.crt, 2_www.domain name.crt) and upload the files to the web host.
- There is an important step, “decrypt private key”: go to the StartSSL ToolBox and select “Decrypt Private Key”.
- Open the calf.key file from step 1, copy its content into the StartSSL web dialog, input your password for “Passphrase:”, and click “Decrypt”.
- Copy the decrypted content, paste it into a new file and save it, then upload it to the web host. Better still, create the new file directly on the web host with vi.
- Then enable the Apache SSL module with the command: a2enmod ssl
- Modify the Apache SSL configuration file: /etc/apache2/sites-available/default-ssl.conf
SSLEngine on
SSLCertificateFile /home/calf/SSL/2_www.calf.one.crt #from the downloaded archive of StartSSL
SSLCertificateKeyFile /home/calf/SSL/www.calf.one.key #decrypted private key
SSLCertificateChainFile /home/calf/SSL/1_root_bundle.crt #from the downloaded archive of StartSSL
- Now restart the apache2 service with the command: service apache2 restart
Well done! Let's visit https://www.calf.one and we will see the green lock. Big rise up!!!
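The “decrypt private key” step above can also be done on the web host with openssl, so the key never has to be pasted into a web form. This is an added example, not part of the original post; the passphrase, file names and www.example.com subject are constructed, and the demo works on a throwaway key and CSR in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post): handle the "decrypt private key"
# step on the server itself, then confirm the key still pairs with the CSR.

# key_is_encrypted KEY: succeeds if the PEM file is still passphrase-protected
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy "Proc-Type: 4,ENCRYPTED" header).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$1"
}

# decrypt_key IN_KEY PASSFILE OUT_KEY: write an unencrypted copy for Apache.
# The passphrase is read from a file so it does not appear in `ps` output;
# umask 077 makes the output readable by its owner only.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null )
}

# key_matches_csr KEY CSR: succeeds if both contain the same public key,
# i.e. a certificate issued for this CSR will work with this key.
key_matches_csr() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# demo: constructed end-to-end run in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077 && printf '%s\n' 'constructed-passphrase' > "$d/pass" )
    # Same command as in the post, made non-interactive (-passout, -subj).
    openssl req -newkey rsa:2048 -keyout "$d/enc.key" -out "$d/site.csr" \
        -passout "file:$d/pass" -subj '/C=CN/O=Example/CN=www.example.com' \
        2>/dev/null || return 1
    key_is_encrypted "$d/enc.key" && echo "enc.key: passphrase-protected"
    decrypt_key "$d/enc.key" "$d/pass" "$d/site.key" || return 1
    key_is_encrypted "$d/site.key" || echo "site.key: decrypted locally"
    key_matches_csr "$d/site.key" "$d/site.csr" && echo "site.key matches site.csr"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo
```

With the post's own files the equivalent call is `decrypt_key calf.key passfile www.calf.one.key`, where `passfile` is a hypothetical owner-only file holding the PEM pass phrase.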
Apache2 force use https: https://www.calf.one/blog/apache2-force-use-https-4255.html