Free SSL certificate is now almost "granted", and the cost of purchasing an SSL certificate a few years ago is quite high, while the use of SSL certificates will generally be the site of the passers-by and search engines, "look at the high." Free SSL is now very popular, there are common: Let's Encrypt , StartSSL , CloudFlare SSL , Vorthong free SSL and so on.
If your security requirements for SSL certificates is relatively high, you can try to purchase SSL certificates paid, after all, the SSL certificate price is also very "civilian", like Namecheap SSL cheapest one year is more than ten dollars, very cost-effective. However, the country would like to purchase an SSL certificate seemingly can choose not many, even the SSL certificate Ali cloud actually is and Vorthong SSL certificate cooperation.
For a small blog, the SSL certificate to pay for intangibles will increase the cost of establishment, together with the now free SSL certificates also can basically meet the daily needs of safety and security, in line with the principles of conservation, we chose the free SSL certificate, I used Tencent cloud DV SSL certificate, free for one year.
1, Tencent cloud with your account to enter the SSL certificate authority, click on "Request a certificate."
2, then you will see "Free GeoTrust DV SSL Certificate", click "OK."
3, then, you will be asked to fill out an application domain SSL certificates, certificates remarks names.
4, Tencent cloud will ask you to verify domain ownership, offers two ways, one is DNS, one is the mailbox, the most convenient and efficient natural choice mailbox is verified.
5, to your domain mailbox for a verification message. After authentication certificate will automatically enter the review stage.
6, the downloaded * .com.zip file, unzip get three folders, namely the certificate file Apache, IIS, Nginx server,
The following describes configuration support HTTPS in Apache:
Obtain a certificate
.. Apache folder to obtain the certificate file 1_root_bundle.crt, 2 _ *** crt and private key files _ *** Key 3,
1_root_bundle.crt file contains the code for a certificate "--BEGIN CERTIFICATE--" and "- CERTIFICATE-- the END ",
2 _ *** CRT file comprises one certificate codes." --BEGIN CERTIFICATE-- "and" --END CERTIFICATE-- ",
. 3 _ *** Key private key file includes a section of code." - -BEGIN RSA PRIVATE KEY-- "and" --END RSA PRIVATE KEY-- ".Certificate installation
edit conf / httpd.conf file in the root directory of Apache, find#LoadModule ssl_module modules/mod_ssl.soand#Include conf/extra/httpd-ssl.confremove the # sign in front of the comment; if OpenSSL is not already installed, it can use yum to install,yum install mod_ssl opensslafter installation, it will automatically generate the / etc / httpd / conf .d / ssl.conf file! The introduction of these two files to the httpd.conf file; Apache edit root directory conf / httpd-ssl.conf or conf.d / ssl.conf document, the following modifications:
<VirtualHost ***:443>
DocumentRoot "***"
ServerName ***
SSLEngine on
SSLCertificateFile ***.crt
SSLCertificateKeyFile ***.key
SSLCertificateChainFile ***.crt
</VirtualHost>After configuration is complete, restart Apache can use https to visit.
Note:
| Profile parameters | Explanation |
|---|---|
| SSLEngine on | Enable SSL |
| SSLCertificateFile | Certificate file |
| SSLCertificateKeyFile | Private key file |
| SSLCertificateChainFile | Certificate chain file |