Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <div class="help-content">
- Nginx installation instructions:<br>
- <ol>
- <li>
- Copy and paste both the below domain certificate and the below
- intermediate certificate into the same text file called "chained.pem".
- </li>
- <li>
- If not done already, generate non-default dhparams.<br>
- <code>openssl dhparam -out dhparam.pem 4096</code>
- </li>
- <li>
- Copy "chained.pem" and "dhparam.pem" to /etc/ssl/certs/.<br>
- <pre>scp chained.pem root@foo.com:/etc/ssl/certs/chained.pem
- scp dhparam.pem root@foo.com:/etc/ssl/certs/dhparam.pem
- </pre>
- </li>
- <li>
- Copy "domain.key" /etc/ssl/private/.<br>
- <code>scp domain.key root@foo.com:/etc/ssl/private/domain.key</code><br>
- </li>
- <li>
- Update your webserver config to use https (examples below).<br>
- <pre>server {
- listen 443;
- server_name foo.com;
- ssl on;
- ssl_certificate /etc/ssl/certs/chained.pem;
- ssl_certificate_key /etc/ssl/private/domain.key;
- ssl_session_timeout 5m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
- ssl_session_cache shared:SSL:50m;
- ssl_dhparam /etc/ssl/certs/dhparam.pem;
- ssl_prefer_server_ciphers on;
- location / {
- return 200 'Hello world!';
- add_header Content-Type text/plain;
- }
- }
- </pre>
- </li>
- </ol>
- Apache installation instructions:<br>
- <ol>
- <li>
- Copy and paste the below domain certificate into file "domain.crt".
- </li>
- <li>
- Copy and paste the below intermediate certificate into file "intermediate.pem".
- </li>
- <li>
- Copy "domain.crt" and "intermediate.pem" to /etc/ssl/certs/.<br>
- <pre>scp domain.crt root@foo.com:/etc/ssl/certs/domain.crt
- scp intermediate.pem root@foo.com:/etc/ssl/certs/intermediate.pem
- </pre>
- </li>
- <li>
- Copy "domain.key" /etc/ssl/private/.<br>
- <code>scp domain.key root@foo.com:/etc/ssl/private/domain.key</code><br>
- </li>
- <li>
- Update your webserver config to use https (examples below).<br>
- <pre><VirtualHost _default_:443>
- ServerName foo.com:443
- ServerAlias www.foo.com
- DocumentRoot /var/www/foo.com/html
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/domain.crt
- SSLCertificateKeyFile /etc/ssl/private/domain.key
- SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
- SSLProtocol all -SSLv2 -SSLv3
- SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
- SSLHonorCipherOrder on
- <Directory /var/www/foo.com/html>
- Options Indexes FollowSymLinks MultiViews
- AllowOverride All
- Order allow,deny
- allow from all
- </Directory>
- </VirtualHost>
- </pre>
- </li>
- </ol>
- </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement