Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to apply for and configure the SSL certificate of StartSSL for the website". In the operation of the actual case, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

StartSSL is a relatively early third-party provider that provides free SSL certificates. We can apply for and renew them for free to users who need HTTPS URLs. With regard to the use of SSL certificates for websites, it is mainly because Google mentioned in the wizard that if a website uses SSL certificates, it will have a certain ranking advantage. Although search engines such as Baidu have also announced that they support the index of SSL certificates, so far we have seen that most of them are used in English or aimed at users in overseas search engines such as Google.

Whether we use a StartSSL free certificate or a paid certificate, we don't see any difference from the manual. For users who only need a small lock logo, it doesn't matter. Free can also be used. If we worry too much about the difference between free and paid SSL, then we still buy a paid SSL. Nowadays, paid SSL is also very cheap. For example, the cheapest purchase in Namecheap is only $3.99a year.

Nowadays, SSL certificates have become very popular. For example, the free Let's Encrypt SSL that Xiaobian is ready to share has started public testing and has been recognized by most third-party browsers and authoritative websites. So if our website needs to use SSL certificates to achieve HTTPS URL format in the future, there are still many free SSL channels to choose from.

First, the official website of StartSSL

Official website: https://www.startssl.com

After entering the official StartSSL website, if we are new users, we will need a new Sign-UP account.

Second, newly registered StartSSL account

By default, the country is selected according to the IP address. If the choice is not correct, we need to choose one by ourselves, and then enter the mailbox and click on the activation verification code, which will send an activation verification code to our mailbox.

Here we enter the CAPTCHA and click Sign UP to complete the registration. The StartSSL official website login certificate will be automatically installed in the browser. We do not need to enter a user name and password to log in to the StartSSL official website in the future. We can click Authenticate to log in to the StartSSL user management panel interface.

Third, apply for a free StartSSL certificate

StartSSL merchants do not completely provide free SSL certificates, but also provide payment certificates. After all, other people also have to make ends meet. If we have money in the future, we will also buy other people's paid SSL to use.

1. Choose a free SSL certificate

We can see a lot of paid SSL certificates in the background panel. I don't know what's special about it. Here, find the location shown in the figure above, and see that the free certificate is what we are looking for. Click the HERE link to go to the next step to see what information you need to apply for.

2. Select the SSL application type

There are two types of use here: Web Server SSL/TLS Certificate and Client S/MIME and Authentication Certificate. Generally, we choose the first one.

3. Verify the ownership of the domain name

When we choose to use it in the website, we definitely need to verify the domain name we need to use, or it will be messed up. See the picture above and click "Domain Validation" to verify the domain name.

Here we need to use the domain name, then select the Domain Validation option.

The editor here is only to test the application process of StartSSL free SSL certificate, and is not ready to use it in the actual website, so I will temporarily use one of the second-level domain names of laobuluo.com as the application certificate test.

Here we select a usable mailbox and click the Send Verification Code button to send the email, then enter the activation code received and click the Validation button to verify. It should be noted here that if we do not have a domain name post office, we will automatically retrieve the WHOIS mailbox. If we have privacy protection, we can cancel it first and then turn on privacy protection after receiving it. Here I use the "webmaster@laobuluo.com" domain name post office, so I choose to accept verification.

After the verification is completed and the domain name activation verification is applied, we can continue to apply for a free SSL certificate.

4. Apply for a free domain name SSL certificate

(1) enter the domain name you applied for

We can fill in a maximum of 5 sub-domain names including "laobuluo.com", one per line, and StartSSL free SSL can only support 5. If you need more than one, you need to purchase a paid service.

(2) enter CSR

If you have read the previous articles, if we use VPS, we need to fill in CSR when applying for SSL certificate, and this CSR can be generated directly in VPS.

The code is as follows:

Openssl req-new-newkey rsa:2048-nodes-keyout laobuluo.com.key-out laobuluo.com.csr

After executing the command, we need to copy and paste the script of laobuluo.com.csr. Here we have to improvise. If we use virtual hosts, one-click packages, and other environments, CSR may be generated automatically, and then we can copy it according to the specified path.

If we are not using VPS or are not ready to use it yet, just like the editor, apply first and then use it later, then choose the PKI system that comes with StartSSL to generate CSR.

Here we enter more than 10-digit password, let the system automatically generate CSR for us, here we must remember the password, later estimated to be used when getting SSL.

We must save this key, download it or copy it to the local store. We will definitely need it later. What else can we do with this? Click SUBMIT to submit after you save it. So far, we have applied for a free StartSSL SSL certificate, but we need to wait for the audit email to be sent before we can download the certificate and use it on the website.

PS: this time process may be more than ten minutes, but also a few hours, we can only wait.

Fourth, download and use StartSSL free SSL certificate

The editor remembers that it used to take more than ten minutes or even hours to download and use it, but now it seems that it can be used immediately. It seems that the official efficiency has improved a lot.

We can see that the background of the StartSSL certificate is relatively clear, we do not need to use the general tools, if the editor needs to be used in the actual use. What we need to do here is download the certificate. The default is free for 1 year, and the contract can be renewed before it expires, and it is also free.

Here we see the download of the SSL certificate package is more clear. According to the environment of our website, then use the SSL certificate file in the respective package to deploy to the website.

Here I will take WordPress under Nginx as an example to talk about a small problem.

Follow the StartSSL documentation step by step. However, I directly chose to set "Certificate Signing Request (CSR)" > "Generated by PKI system" in https://startssl.com/Certificates, and because you have to enter a password to generate a certificate online, this leads to the following problems (uploading a certificate generated by yourself on the server may not encounter this problem):

Every time you start / restart Nginx, you are prompted:

Stoping nginx... Enter PEM pass phrase:

According to the answer on the Internet: this situation may be that the password settings are written to the key file when setting the private key key, resulting in a series of servers such as Nginx/Apache requiring Enter PEM pass phrase when starting up. What we need to do is to split the password and generate the server.key.unsecure file using the following OpenSSL command:

The code is as follows:

Openssl rsa-in server.key-out server.key.unsecure

Opensslrsa-in server.key-outserver.key.unsecure

Then modify the nginx.conf configuration file:

The code is as follows:

Ssl_certificate_key / etc/nginx/certs/server.key.unsecure

Ssl_certificate_key / etc/nginx/certs/server.key.unsecure

Reload the Nginx configuration file to see the effect.

This is the end of the content of "how to apply for and configure the SSL certificate of StartSSL for the website". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.