Big rise up! – Enable https(SSL)

Author: Calf < https://www.calf.one >

https will be a mainstream website protocol , as a  fellow traveller and diao, I love the free lunch , so I found the StartSSL free SSL, the official website is : https://www.startssl.com/

Calf’s tip: Cliek the thumbs can view the big size picture

  • Select “Start Now for Free SSL Certificate”

Free SSL

Free SSL

  • New user select “Sign up”;

Sign up

Sign up

  • Select your country and input your email address and then click Sent verification code ,the system will send you a Verification code.

Verification

Verification

  • Copy the verification code to the StartSSL dialog and click Verification. StartSSL will install the browser certificate.

browser certificate installed

browser certificate installed

  • And then choose certificate . “Click here to choose your certificate.”

choose certificate

choose certificate

  • Select “Web Server SSL/TLS Certificate” — > ” Continue “

Web server certificate

Web server certificate

No validated domain

No validated domain

  • Input your domain  –> “Continue”

Input domain

Input domain

  • The STARTSSL will check your email when you registered the domain. Select one  —>“Send Verification Code”, goto your mailbox, copy verification code to the web dialog –> “Validation ”.

Verify domain

Verify domain

  •  To “Order SSL Certificate”

To "Order SSL Certificate"

To “Order SSL Certificate”

  • In the domain list “Validated domain(s)” input your sub domains. Not support *.domain.com , maximum domain is 5.

Begin create private key: SSH into linux host, run command: openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr

“Enter PEM pass phrase:”  # input password
create private key

create private key

  • Input the information what you need

[email protected]:/home/calf# openssl req -newkey rsa:2048 -keyout calf.key -out calf.csr
Generating a 2048 bit RSA private key
..+++
……………………………………………………………………………………………………………………+++
writing new private key to ‘calf.key’
Enter PEM pass phrase:

Verifying – Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [AU]:CN #Country
State or Province Name (full name) [Some-State]:GuangDong #Province
Locality Name (eg, city) []:ShenZhen #城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Calf Blog
Organizational Unit Name (eg, section) []:Calf Blog
Common Name (e.g. server FQDN or YOUR name) []:Calf
Email Address []:[email protected]

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:Calf.one
An optional company name []:

create private key

create private key

  • Then, it will create two files in my folder : calf.key , calf.csr. Open file calf.csr , copy the content to StartSSL web diaglog –>“Submit”.

create private key

create private key

copy private key

copy private key

  • StartSSL will create the certificates, –> Click HERE  “please click here ” download certificates.

download certificates

download certificates

  • We will get a zip file, it contains different server certificates.  My server is Apache, uncompress  the Apache archive(1_root_bundle.crt, 2_www.domain name.crt), and upload them to my web host.

  • There is an important step “decrypt private key” , go to StartSSL ToolBox, select “Decrypt Private Key” .
Decrypt Private Key

Decrypt Private Key

  • Open the step 1 of file calf.key, copy the content to StartSSL web dialog, and input your password for “Passphrase:” –> click  “Decrypt”.

Decrypt Private Key

Decrypt Private Key

  • Copy the content of decrypted and past to a new file and save it, then upload to web host.In the best, we’d better create new file on our web host via vi.

  • Then enable apache SSL moudle, command: a2enmod ssl
  • modify apache SSL configuration file: /etc/apache2/site-available/default-ssl.conf

SSLEngine on

SSLCertificateFile                 /home/calf/SSL/2_www.calf.one.crt     #from the downloaded archive of StartSSL
SSLCertificateKeyFile          /home/calf/SSL/www.calf.one.key         #decrypted private key
SSLCertificateChainFile      /home/calf/SSL/1_root_bundle.crt       #from the downloaded archive of StartSSL

modify apache SSL configuration file

modify apache SSL configuration file

Apache2 SSL configuration

Apache2 SSL configuration

  • Now, restart apache2 service , command : service apache2 restart

Well done! Let’s vist https://www.calf.one we will see the green lock. Big rise up!!!

https enabled

https enabled

Apache2 force use https:https://www.calf.one/blog/apache2-force-use-https-4255.html

Trackbacks & Pingbacks (1)

  1. Apache2强制使用https - Calf Blog

Leave a comment

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.

calf-blog-top