Here are the quick steps to generate an SSL certificate.
```bash
openssl genrsa -out www.domain.com.key 2048
openssl req -new -key www.domain.com.key -out www.domain.com.csr
```
```text
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Jakarta
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PT POLATIC INFORMATIKA INDONESIA
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.polatic.com
Email Address []:cs@polatic.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:PT POLATIC INFORMATIKA INDONESIA
```
Make sure to check all the values with:
```bash
openssl req -in www.domain.com.csr -noout -text
```
The value entered for “Common Name (e.g. server FQDN or YOUR name)” is used as the domain name of the certificate. Make sure to choose between “www” and non-www wisely.
Then we buy the certificate.
Next, we receive the certificate from RapidSSL and download the intermediate certificate from their website.
Merge them together into one file:
```bash
cat www.domain.com.ssl www.domain.com.intermediate > www.domain.com.crt
```
Then, in NGINX:
```nginx
# Redirect http, non-www to https, www (no listen directive: defaults to port 80)
server {
    server_name polatic.com;
    return 301 https://www.polatic.com$request_uri;
}

server {
    # Redirect https, non-www to https, www
    listen 443 ssl;
    server_name polatic.com;
    ssl_certificate /etc/ssl/polatic.com.crt;
    ssl_certificate_key /etc/ssl/polatic.com.key;
    return 301 https://www.polatic.com$request_uri;
}

server {
    # The ssl parameter on listen enables TLS; the obsolete "ssl on;" is not needed
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.polatic.com;

    root /var/polatic;

    # Merged certificate (server certificate + intermediate) and its private key
    ssl_certificate /etc/ssl/polatic.com.crt;
    ssl_certificate_key /etc/ssl/polatic.com.key;

    client_body_timeout 460;
    client_header_timeout 460;
    send_timeout 460;
    client_max_body_size 10m;
    keepalive_timeout 300 300;

    access_log /var/log/nginx/access.log;

    index index.php index.html index.htm;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # This is cool because no php is touched for static content
        try_files $uri $uri/ /index.php?$args;
    }

    # pass the PHP scripts to the PHP-FPM FastCGI server (unix socket)
    location ~ \.php$ {
        fastcgi_send_timeout 3800;
        fastcgi_read_timeout 3800;
        fastcgi_connect_timeout 2800;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Cache static assets; the dot is escaped so only real file extensions match
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    # deny access to .htaccess files, if Apache document root
    # concurs with nginx one
    location ~ /\.ht {
        deny all;
    }
}
```
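Before reloading NGINX it is worth checking the merged file, because a bundle in the wrong order or with glued PEM markers makes NGINX reject the key. The script below is an added example, not part of the original post; the function name `check_bundle` and the script name in the usage comment are hypothetical, and it assumes an unencrypted key as produced by the `openssl genrsa` command above.

```shell
#!/bin/sh
# Added example: sanity-check the private key and the merged .crt bundle.
# Usage: sh check_bundle.sh www.domain.com.key www.domain.com.crt

check_bundle() {
    key=$1
    bundle=$2

    if [ ! -r "$key" ] || [ ! -r "$bundle" ]; then
        echo "FAIL: cannot read key or bundle" >&2
        return 1
    fi

    # If the first file had no trailing newline, cat glues the PEM markers
    # into one line: -----END CERTIFICATE----------BEGIN CERTIFICATE-----
    if grep -q 'END CERTIFICATE-----.*BEGIN' "$bundle"; then
        echo "FAIL: PEM blocks are glued together (missing newline)" >&2
        return 1
    fi

    # The bundle should hold the server certificate plus the intermediate.
    count=$(grep -c 'BEGIN CERTIFICATE' "$bundle" || :)
    if [ "$count" -lt 2 ]; then
        echo "FAIL: expected at least 2 certificates, found $count" >&2
        return 1
    fi

    # openssl x509 reads only the first certificate in the file, which must
    # be the server certificate, so its public key must match the private key.
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null || :)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || :)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: first certificate does not match the private key" >&2
        return 1
    fi

    echo "OK: $count certificates, server certificate first, key matches"
}

# Run the check only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"
fi
```

Once the check passes, `nginx -t` validates the configuration itself before a reload.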