Even though the series of Heartbleed bugs makes HTTPS (SSL) look vulnerable, I still believe that once the bugs are fixed, HTTPS is more secure than HTTP. We can achieve this in a few simple steps with technologies like OpenSSL, a free certificate provider, and nginx configuration.
Register an account at StartSSL
StartSSL is one of the websites providing free digital certificates for websites, and it is my favourite after trying several providers. Though the UI and UX are not so good, the function is good, and that’s enough for free :-D
Open https://www.startssl.com, click Control Panel and sign up for an account. Enter some information to prove that you are a human being. Wait for some time, and you will receive an email saying that the account has been registered successfully.
Back up p12 file
This is critically important. Back up the p12 file for your StartSSL account. For Mac users, you need to export this via
Email Address Validation
Return to StartSSL’s control panel and authenticate. Choose the Validation Wizard tab. In the select box, choose Email Address Validation and complete it.
Domain Name Validation
The same as the previous step, except choose Domain Name Validation in the select box.
Generate a CSR with OpenSSL
Retrieve certificate with CSR
Open StartSSL and find the Certificate Wizard. In the Certificate Target select box, choose Web Server SSL/TLS Certificate. Skip the following step, because you have already generated a CSR. Submit the CSR and download the certificate. Download the intermediate and CA files as well.
Concatenate the domain certificate, intermediate certificate and CA certificate.
www-data is the user for nginx workers. If it’s nginx, just replace it with that.
Edit nginx configuration file.
Here the location / is an example of using nginx as a reverse proxy. Substitute it with what you need.
Restart or reload nginx
or if the configuration file already exists, just reload instead of
Open browser to test
Check and resolve errors.
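A common cause of errors at this point is a private key that does not match the first certificate in the concatenated file, usually because the files were joined in the wrong order. The following is an added example, not the original post's commands: it generates a key and CSR with OpenSSL, builds the bundle in the order given above, and checks that the key matches the bundle. The function names, the file names (domain.key, domain.csr) and the subject are assumptions.

```shell
#!/bin/sh
# Added example. Function names, file names and the CN are assumptions,
# not values from the original post.

# Generate a 2048-bit RSA key (readable by the owner only) and a CSR.
make_csr() {  # usage: make_csr <dir> <hostname>
    ( umask 077 && openssl genrsa -out "$1/domain.key" 2048 ) 2>/dev/null &&
    openssl req -new -sha256 -key "$1/domain.key" \
        -subj "/CN=$2" -out "$1/domain.csr"
}

# Concatenate certificates: the domain certificate must come first,
# followed by the intermediate and CA certificates.
make_bundle() {  # usage: make_bundle <out> <domain.crt> [intermediate.crt] [ca.crt]
    out=$1; shift
    cat "$@" > "$out"
}

# Succeed only if the public half of the key equals the public key of the
# FIRST certificate in the bundle (openssl x509 reads only the first PEM
# block, which is also the one the server presents as its own).
key_matches_bundle() {  # usage: key_matches_bundle <key> <bundle>
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}
```

On the server, run key_matches_bundle against the key and bundle that the nginx configuration points to, then run `nginx -t` before reloading.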