Nginx installation instructions:
-
Copy and paste both the below domain certificate and the below
intermediate certificate into the same text file called "chained.pem".
-
If not done already, generate non-default dhparams.
openssl dhparam -out dhparam.pem 4096
-
Copy "chained.pem" and "dhparam.pem" to /etc/ssl/certs/.
scp chained.pem [email protected]:/etc/ssl/certs/chained.pem
scp dhparam.pem [email protected]:/etc/ssl/certs/dhparam.pem
-
Copy "domain.key" to /etc/ssl/private/.
scp domain.key [email protected]:/etc/ssl/private/domain.key
-
Update your webserver config to use https (example below).
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    server_name foo.com;
    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/domain.key;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    # TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_prefer_server_ciphers on;
    location / {
        # Set the type with default_type; add_header would append a second
        # Content-Type header instead of replacing the default one.
        default_type text/plain;
        return 200 'Hello world!';
    }
}
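Added example (not part of the original instructions): a pre-deployment check that "chained.pem" holds the domain certificate first and the intermediate second, and that the domain certificate belongs to "domain.key". It assumes the openssl command-line tool is installed; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check chained.pem and
# domain.key before copying them to the server. Requires the openssl CLI.

# Count the certificates in a PEM bundle.
cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Print the Nth (1-based) certificate of a PEM bundle.
nth_cert() { awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ {i++} i == n' "$1"; }

# True when the first certificate carries the public key of the private key,
# i.e. the domain certificate comes first and belongs to domain.key.
key_matches_leaf() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True when certificate 1 names certificate 2 as its issuer. This compares
# distinguished names only; it does not verify the signature.
leaf_issued_by_intermediate() {
    issuer=$(nth_cert "$1" 1 | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    subject=$(nth_cert "$1" 2 | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# usage: check_bundle chained.pem domain.key
check_bundle() {
    [ "$(cert_count "$1")" -ge 2 ] || { echo "FAIL: $1 needs domain + intermediate certificate"; return 1; }
    key_matches_leaf "$1" "$2" || { echo "FAIL: first certificate in $1 does not match $2"; return 1; }
    leaf_issued_by_intermediate "$1" || { echo "FAIL: second certificate did not issue the first"; return 1; }
    echo "OK: $1 is ordered correctly and matches $2"
}

# Run against real files when two arguments are given.
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

Run it as "sh check.sh chained.pem domain.key" before the scp steps; a bundle with the intermediate first fails the key check.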
Apache installation instructions:
-
Copy and paste the below domain certificate into file "domain.crt".
-
Copy and paste the below intermediate certificate into file "intermediate.pem".
-
Copy "domain.crt" and "intermediate.pem" to /etc/ssl/certs/.
scp domain.crt [email protected]:/etc/ssl/certs/domain.crt
scp intermediate.pem [email protected]:/etc/ssl/certs/intermediate.pem
-
Copy "domain.key" to /etc/ssl/private/.
scp domain.key [email protected]:/etc/ssl/private/domain.key
-
Update your webserver config to use https (example below).
<VirtualHost _default_:443>
    ServerName foo.com:443
    ServerAlias www.foo.com
    DocumentRoot /var/www/foo.com/html
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/domain.crt
    SSLCertificateKeyFile /etc/ssl/private/domain.key
    SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Apache directives take no trailing semicolon.
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA
    SSLHonorCipherOrder on
    <Directory /var/www/foo.com/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>