API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 1st, 2017
115
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 3.85 KB | None | 0 0
raw download clone embed print report
  1. <div class="help-content">
  2.                 Nginx installation instructions:<br>
  3.                 <ol>
  4.                     <li>
  5.                         Copy and paste both the below domain certificate and the below
  6.                         intermediate certificate into the same text file called "chained.pem".
  7.                     </li>
  8.                     <li>
  9.                         If not done already, generate non-default dhparams.<br>
  10.                         <code>openssl dhparam -out dhparam.pem 4096</code>
  11.                     </li>
  12.                     <li>
  13.                         Copy "chained.pem" and "dhparam.pem" to /etc/ssl/certs/.<br>
  14.                         <pre>scp chained.pem root@foo.com:/etc/ssl/certs/chained.pem
  15. scp dhparam.pem root@foo.com:/etc/ssl/certs/dhparam.pem
  16. </pre>
  17.                     </li>
  18.                     <li>
  19.                         Copy "domain.key" /etc/ssl/private/.<br>
  20.                         <code>scp domain.key root@foo.com:/etc/ssl/private/domain.key</code><br>
  21.                     </li>
  22.                     <li>
  23.                         Update your webserver config to use https (examples below).<br>
  24. <pre>server {
  25.     listen 443;
  26.     server_name foo.com;
  27.     ssl on;
  28.     ssl_certificate /etc/ssl/certs/chained.pem;
  29.     ssl_certificate_key /etc/ssl/private/domain.key;
  30.     ssl_session_timeout 5m;
  31.     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  32.     ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
  33.     ssl_session_cache shared:SSL:50m;
  34.     ssl_dhparam /etc/ssl/certs/dhparam.pem;
  35.     ssl_prefer_server_ciphers on;
  36.  
  37.     location / {
  38.         return 200 'Hello world!';
  39.         add_header Content-Type text/plain;
  40.     }
  41. }
  42. </pre>
  43.                     </li>
  44.                 </ol>
  45.                 Apache installation instructions:<br>
  46.                 <ol>
  47.                     <li>
  48.                         Copy and paste the below domain certificate into file "domain.crt".
  49.                     </li>
  50.                     <li>
  51.                         Copy and paste the below intermediate certificate into file "intermediate.pem".
  52.                     </li>
  53.                     <li>
  54.                         Copy "domain.crt" and "intermediate.pem" to /etc/ssl/certs/.<br>
  55.                         <pre>scp domain.crt root@foo.com:/etc/ssl/certs/domain.crt
  56. scp intermediate.pem root@foo.com:/etc/ssl/certs/intermediate.pem
  57. </pre>
  58.                     </li>
  59.                     <li>
  60.                         Copy "domain.key" /etc/ssl/private/.<br>
  61.                         <code>scp domain.key root@foo.com:/etc/ssl/private/domain.key</code><br>
  62.                     </li>
  63.                     <li>
  64.                         Update your webserver config to use https (examples below).<br>
  65. <pre>&lt;VirtualHost _default_:443&gt;
  66.         ServerName foo.com:443
  67.         ServerAlias www.foo.com
  68.         DocumentRoot /var/www/foo.com/html
  69.         SSLEngine on
  70.         SSLCertificateFile    /etc/ssl/certs/domain.crt
  71.         SSLCertificateKeyFile /etc/ssl/private/domain.key
  72.         SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
  73.         SSLProtocol all -SSLv2 -SSLv3
  74.         SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
  75.         SSLHonorCipherOrder on
  76.         &lt;Directory /var/www/foo.com/html&gt;
  77.                 Options Indexes FollowSymLinks MultiViews
  78.                 AllowOverride All
  79.                 Order allow,deny
  80.                 allow from all
  81.         &lt;/Directory&gt;
  82. &lt;/VirtualHost&gt;
  83. </pre>
  84.                     </li>
  85.                 </ol>
  86.             </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!