Author: Calf < https://www.calf.one >
https will be a mainstream website protocol , as a fellow traveller and diao, I love the free lunch , so I found the StartSSL free SSL, the official website is : https://www.startssl.com/
Calf’s tip: Cliek the thumbs can view the big size picture
Select “Start Now for Free SSL Certificate”
New user select “Sign up”;
Select your country and input your email address and then click Sent verification code ,the system will send you a Verification code.
Copy the verification code to the StartSSL dialog and click Verification. StartSSL will install the browser certificate.
And then choose certificate . “Click here to choose your certificate.”
Select “Web Server SSL/TLS Certificate” — > ” Continue “
Click “Domain Validation“
Input your domain –> “Continue”
The STARTSSL will check your email when you registered the domain. Select one —>“Send Verification Code”, goto your mailbox, copy verification code to the web dialog –> “Validation ”.
To “Order SSL Certificate”
In the domain list “Validated domain(s)” input your sub domains. Not support *.domain.com , maximum domain is 5.
Begin create private key: SSH into linux host, run command: openssl req -newkey rsa:2048 -keyout yourname.key -out yourname.csr “Enter PEM pass phrase:” # input password
Input the information what you need
[email protected]:/home/calf# openssl req -newkey rsa:2048 -keyout calf.key -out calf.csr
Generating a 2048 bit RSA private key
writing new private key to ‘calf.key’
Enter PEM pass phrase:
Verifying – Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]:CN #Country
State or Province Name (full name) [Some-State]:GuangDong #Province
Locality Name (eg, city) :ShenZhen #城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Calf Blog
Organizational Unit Name (eg, section) :Calf Blog
Common Name (e.g. server FQDN or YOUR name) :Calf
Email Address :[email protected]
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password :Calf.one
An optional company name :
Then, it will create two files in my folder : calf.key , calf.csr. Open file calf.csr , copy the content to StartSSL web diaglog –>“Submit”.
StartSSL will create the certificates, –> Click HERE “please click here ” download certificates.
We will get a zip file, it contains different server certificates. My server is Apache, uncompress the Apache archive(1_root_bundle.crt, 2_www.domain name.crt), and upload them to my web host.
- There is an important step “decrypt private key” , go to StartSSL ToolBox, select “Decrypt Private Key” .
Open the step 1 of file calf.key, copy the content to StartSSL web dialog, and input your password for “Passphrase:” –> click “Decrypt”.
Copy the content of decrypted and past to a new file and save it, then upload to web host.In the best, we’d better create new file on our web host via vi.
- Then enable apache SSL moudle, command: a2enmod ssl
- modify apache SSL configuration file: /etc/apache2/site-available/default-ssl.conf
SSLCertificateFile /home/calf/SSL/2_www.calf.one.crt #from the downloaded archive of StartSSL
SSLCertificateKeyFile /home/calf/SSL/www.calf.one.key #decrypted private key
SSLCertificateChainFile /home/calf/SSL/1_root_bundle.crt #from the downloaded archive of StartSSL
Now, restart apache2 service , command : service apache2 restart
Well done! Let’s vist https://www.calf.one we will see the green lock. Big rise up!!!
Apache2 force use https：https://www.calf.one/blog/apache2-force-use-https-4255.html