SSL certificate installation with DigiCert®

HTTPS — Hypertext Transfer Protocol Secure

To make the site secure

W3Techs survey from May 2018

SSL Certificate

Step 01 — Create a CSR

openssl req -new -newkey rsa:2048 -nodes -keyout test-domain.key -out test-domain.csr

Step 02 — Create the SSL certificate

-----BEGIN CERTIFICATE-----

[encoded data]

------END CERTIFICATE-----
cat ssl_certificate.crt IntermeidateCA.crt >> domain_name.crt

Step 03 —Install the certificate into the Nginx

upstream puma {
server unix:///shared/tmp/sockets/pml_prod-puma.sock;
}
# Force https for http requests
server {
listen 80;
listen [::]:80;
server_name hello.picturemylife.se;
return 301 https://$host$request_uri;
}
server {
charset utf-8;
listen 443;ssl on;
ssl_certificate /home/deploy/ssl/test-cert.crt;
ssl_certificate_key /home/deploy/ssl/private-key.key;
# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#listen 80 default_server deferred;
server_name hello.example.com;
root /home/deploy/pml_prod/current/public;
access_log /log/nginx.access.log;
error_log /log/nginx.error.log info;
location ^~ /assets/ {
gzip_static on;
expires max;
add_header Cache-Control public;
# Allow CORS
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
}
try_files $uri/index.html $uri @puma;
location @puma {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://puma;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 10M;
keepalive_timeout 10;
}
listen 443;ssl on;ssl_certificate /home/deploy/ssl/test-cert.crt;
ssl_certificate_key /home/deploy/ssl/private-key.key;

Step 04 — Restart the Server Nginx

sudo /etc/init.d/nginx restart

Step 05 — Verify the Security

References:

--

--

Developer ❤️ JS

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store