Last update at :2024-02-10,Edit by888u
crazyssl launched a one-year wildcard SSL certificate event last year. This year’s event is coming again. Friends in need should not miss it. This is a globally trusted TrustOcean Wildcard SSL wildcard SSL certificate provided by ourselves with a 1-year validity period. It is still globally trusted. In fact, it is a free promotion for paid certificates.
– Valid for 1 year and 365 days. Get your wildcard SSL certificate for 0 yuan. – To avoid fraudulent order detection, sign up for confirmation emails first, – Before applying for the second certificate, you need to configure and issue the previous free certificate – Our own brand website is online. Comments and suggestions are welcome. – There is also a list of other world’s lowest-priced brand SSL certificates
Official website
SSL configuration tutorial
Get your site SSL configuration to A+ level
nginx configuration, only SSL-related information is posted, and the configuration needs to be placed in the server {} location.
First enable ssl
listen 443 ssl; server_name www.example.com; ssl on; ssl_certificate /etc/ssl/certs/ssl-bundle.crt; ssl_certificate_key /etc/ssl/private/www_example_com.key;Where ssl-bundle.crt is the website certificate, www_example_com.key is the certificate private key. How to obtain these two files, please search by yourself.
It should be noted that most certificates provided by CAs are multi-level, so we may need to merge multiple certificates into one, which can reduce the number of additional downloads of intermediate certificates by the browser.
Generate dhparam.pem
$ openssl dhparam -out dhparam.pem 4096Configure to nginx
ssl_dhparam /etc/ssl/certs/dhparam.pem;Protocol and ciphers selection, ciphers selection is more critical. The ciphers in this configuration support most browsers, but do not support XP/IE6.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_staple on; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256: ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE- ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL: !EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on;ssl session configuration
ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;HSTS configuration, this also has a greater impact on the score, but if you enable this, you need to enable HTTPS for the entire site.
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";Complete configuration file
server { listen 443 ssl; server_name www.example.com; ssl on; ssl_certificate /etc/ssl/certs/ssl-bundle.crt; ssl_certificate_key /etc/ssl/private/www_example_com.key; ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_staple on; ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256: ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE- ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL: !EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; location/{ # pass } }Update:
Please move hereMozilla SSL Configuration Generator
Recommended site search: US host, online registration inquiry, domain name space purchase, free personal homepage space, aaa server, latest free proxy IP, IP proxy free version 2.80, domain name price, domain name registration application, site group server,
p>
发表评论