Configuring Wildcard AlphaSSL from Centrio Host

Posted on 2013-09-11 13:05 H2O 阅读(325) 评论(0)  编辑  收藏

This article is dedicated to Junjiang, a member in LowEndTalk.

In the received email, we would have some long line with the code like bellow :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
MUST BE INSTALLED ON YOUR WEB SERVER:
Your SSL Certificate (Formatted for the majority of web server
software including IIS and Apache based servers):
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgISESG0oF5qDhFRTOer2K4ezFMvMA0GCSqGSIb3DQEBBQUA
k6zVnkLbO61NznKk7OqVHYS+ZHpo6g==
-----END CERTIFICATE-----
 
Intermediate Certificate:
 
-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgILBAAAAAABL07hNwIwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+MPpZqmyIJ3E+LgDYqeF0RhjWw==
-----END CERTIFICATE-----

Copy paste the line from the SSL Certificate and the Intermediate Certificate into one file, for example the file is /etc/ssl/httpd/erawan.me.crt :

1
2
3
4
5
6
7
8
-----BEGIN CERTIFICATE-----
MIIEwjCCA6qgAwIBAgISESG0oF5qDhFRTOer2K4ezFMvMA0GCSqGSIb3DQEBBQUA
k6zVnkLbO61NznKk7OqVHYS+ZHpo6g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIELzCCAxegAwIBAgILBAAAAAABL07hNwIwDQYJKoZIhvcNAQEFBQAwVzELMAkG
+MPpZqmyIJ3E+LgDYqeF0RhjWw==
-----END CERTIFICATE-----

 

Configure the Nginx

Because I’m using Minstall for configuring my vps, the Nginx configuration would be at /etc/nginx/host.d/erawan.me.conf :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
    listen 443 ssl;
    server_name erawan.me;
    ssl_certificate /etc/ssl/http/erawan.me.crt;
    ssl_certificate_key /etc/ssl/http/erawan.me.key;
 
    access_log off;
    error_log /home/erawan/http/logs/erawan.me.log;
    index index.html index.php;
    root /home/erawan/http/erawan.me;
    try_files $uri $uri/ /index.php;
    client_max_body_size 2000M;
 
    include /etc/nginx/conf.d/cache.conf;
    include /etc/nginx/conf.d/deny.conf;
    include /etc/nginx/php.d/erawanarifn.conf;
}

Restart the Nginx, and it’s all done :)
Configuration on Tomcat:


To install your SSL Certificate, perform the following steps:


1. Import the appropriate root certificates using:

$ keytool -import -trustcacerts -keystore mystore.kdb -alias root - file root.cer

"mystore.kdb" being your keystore.

2. Import the "yourdomain.cer" file using:

keytool -import -trustcacerts -keystore mystore.kdb -alias tomcat -file yourdomain.cer

With "mystore.kdb" being your keystore.

Update server.xml configuration file:

1. Open "$JAKARTA_HOME/conf/server.xml" in a text editor.

2. Find the following section:

- <!-- 
Define a SSL Coyote HTTP/1.1 Connector on port 8443 
--> 
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" 
port="443" minProcessors="5" maxProcessors="75" 
enableLookups="true" 
acceptCount="100" debug="0" scheme="https" secure="true" 
useURIValidationHack="false" disableUploadTimeout="true">
<Factory 
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" 
clientAuth="false"
protocol="TLS" 
keystoreFile="mystore.kdb"
keystorePass="YOUR_KEYSTORE_PASSWORD" />
</Connector>

3. If you want Tomcat to use the default SSL port, change all instances of the port number "8443" to 443.

4. Start or restart Tomcat


只有注册用户登录后才能发表评论。


网站导航:
 

posts - 0, comments - 21, trackbacks - 0, articles - 101

Copyright © H2O