Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to configure StartSSL's free SSL certificate". The content of the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to configure StartSSL's free SSL certificate".

Application for SSL Certificate

1. Open http://www.startssl.com/

2. Click StartSSL Free (Class 1)

3. Click Certificate Control Panel to enter the control panel, or visit http://www.startssl.com/?app=12 directly.

4. Click sign-up to register an account

5. Fill in the registration information in English format

6. After filling in the information, an email will be sent to the registered mailbox. Do not close this page of startssl at this time, check the mailbox to enter the verification code.

7. Wait for StartComm to manually review the registered personal information. If the audit is successful, you will receive a second email.

Startssl approval is quick, and you'll get an email in a minute. Access the link address in the email and enter the CAPTCHA again.

8. Establish a private key

Select Advanced and click continue.

9. Install the certificate

10. Installation completed

After the installation is complete, there will be a prompt box:

The face will prompt:

Your first client certificate has been installed into your browser. This is a bootstrapping certificate for authentication purpose.

Backup this certificate to an external media, otherwise you might not be able to regain access to your account. Please read these instructions from our FAQ page on how to do that.

Click Finish on the page.

11. Then the page will jump to F.A.Q. Page

Click How do I backup my client certificates? Take a look at how to back up the certificate

Firefox: tools-options-Advanced-View Certificate-your certificate, here are the certificates that need to be backed up. To log in to startssl in the future, you need to log in with the certificate previously installed on the browser. You can only re-enroll after losing the certificate.

To log in in the future, click Authenticate to log in by certificate:

12. Start applying for free ssl certificates

The general process is as follows:

1) go to Validations Wizard first to verify the ownership of the domain name

2) then go to Certificates Wizard to select the type of certificate to apply for

3) go to the Tool Box tab and use the gadgets inside to generate the certificate

13. Click Validations Wizard

Select Domain name validation and click Continue.

Enter the domain name you want to apply for and click Continue.

Select a verified mailbox with postmaster@ domain name, hostmaster@ domain name, webmaster@ domain name, and the mailbox when registering the domain name.

Check the mailbox and enter the CAPTCHA:

Verification successful:

Domain name verification is successful. This verification is valid for 30 days. If it expires, you need to reverify it. Click Finish to return to the control panel.

14. Click Certificates Wizard

Select WEB Server SSL/TSL Certifites:

Generate a private key and provide a password for the private key, at least 10 bits and up to 32 bits:

Save the display as ssl.key (the private key is encrypted):

Select the domain name:

Enter a subdomain name that requires a ssl certificate:

Then confirm the domain name previously used to apply for the certificate.

Finally, it will prompt:

Additional Check Required!

You successfully finished the process for your certificate. However your certificate request has been marked for approval by our personnel. Please wait for a mail notification from us within the next 3 hours (the most). We might contact you for further questions or issue the certificate within that time. Thank you for your understanding!

Then wait for the e-mail notice.

15. Click Tool Box after receiving the email

Use Tool Box-Decrypt Private Key to decrypt the contents of the previously generated ssl.key. Save the result as a .key file. Like ssl2.key.

Save the certificate:

Tool Box-Retrieve Certificate, select the domain name to apply for the certificate, and save the contents of the box as a .crt file. Like ssl.crt. This is the certificate file.

Apache server, upload the ssl2.key and ssl.crt files, and modify the configuration file settings.

Registration considerations

You must fill in your home address and be as detailed as possible, otherwise the approval may not be approved.

After receiving the approval message, it is best to use firefox (to install the certificate)

Startssl does not use passwords to authenticate, but only certificates to authenticate. Remember to save the certificate after installation (network disk and other places), otherwise you need to reapply for the account and contact startssl to merge the account.

Application for SSL Certificate

The free certificate is valid for one year. When it expires, you will be reminded to reapply for renewal.

You need to keep your key when you apply.

After the application is completed, you can get the applied cert in Retrieve Certificate (sometimes you need to review, just wait)

Installation of certificates under Nginx

Key files need to use Decrypt Private Key provided by startssl to unpassword and reuse

You can get the cert file in Retrieve Certificate if you can't find it.

The cert file must be merged with startssl's StartCom CA Certificates, or the browser may not recognize the certificate chain. The merger method is (from the official help: How to install (NGINX Server)):

The code is as follows:

Wget http://www.startssl.com/certs/ca.pem

Wget http://www.startssl.com/certs/sub.class1.server.ca.pem

Cat ssl.crt sub.class1.server.ca.pem ca.pem > / etc/nginx/conf/ssl-unified.crt

Enabling spdy:ngx_http_spdy_module was added in nginx 1.3.15, and the-- with-http_spdy_module option needs to be added at compile time. If you have added this compilation option, you can use this configuration

The code is as follows:

Listen 443 ssl spdy

Ssl on

Ssl_certificate ssl-unified.crt

Ssl_certificate_key ssl.key

Configuration error report

The code is as follows:

[warn] nginx was built without OpenSSL NPN support

Solution: download openssl1.0.1 first

The code is as follows:

Cd / usr/local

Wget http://www.openssl.org/source/openssl-1.0.1.tar.gz

Tar zxvf openssl-1.0.1.tar.gz

Rm openssl-1.0.1.tar.gz-f

Second, recompile nginx (do not know the compilation parameters? Try nginx-V). The compilation parameters must include:-- with-http_ssl_module-- with-http_spdy_module-- nginx-t after with-openssl=/usr/local/openssl-1.0.1 compilation is completed to test whether it works.

Thank you for reading, the above is the content of "how to configure StartSSL's free SSL certificate". After the study of this article, I believe you have a deeper understanding of how to configure StartSSL's free SSL certificate, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.