Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton2018-06-21 19:17:09
Digital certificates
Anton, 2018-06-21 19:17:09

How to deal with certificates?

Before me are two instructions
https://dev.1c-bitrix.ru/learning/course/?COURSE_I...
https://www.acrit-studio.ru/pantry-programmer/bitr...

they are talking about two files
.key and domain_ru.crt

Question - what other files are involved? These:
domain_ru.ca-bundle and .csr

In chrome, everything works, in Mozilla it swears.
It is not clear, the key and csr file in the name are numbers, should they be renamed?
And it's not entirely clear whether some files need to be combined in a text editor?

now entered like this:
bx/conf/site1.bx_ssl.conf

# If they come here using HTTP, bounce them to the correct scheme
# Nginx internal code used for the plain HTTP requests 
# that are sent to HTTPS port to distinguish it from 4XX in a log and an error page redirection.
error_page 497 https://$host$request_uri;

# Increase keepalive connection lifetime
keepalive_timeout	70;
keepalive_requests	150;

# SSL encryption parameters
ssl			on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;

#ssl_certificate		/etc/nginx/ssl/cert.pem;
ssl_certificate /etc/nginx/ssl/domain_ru.crt;
#ssl_certificate_key	/etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/6817054.key;
# performance
ssl_session_cache	shared:SSL:10m;
ssl_session_timeout	10m;
 ssl_stapling on;
  ssl_stapling_verify on;
  add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

and
server {
     listen 443 ssl;
  server_name domain.ru www.domain.ru;
    # Enable SSL connection
include	bx/conf/site1.bx_ssl.conf;
    server_name_in_redirect	off;

    proxy_set_header	X-Real-IP	$remote_addr;
    proxy_set_header	X-Forwarded-For	$proxy_add_x_forwarded_for;
    proxy_set_header	Host		$host:443;
    proxy_set_header	HTTPS 		YES;

    set $proxyserver	"http://127.0.0.1:8888";
    set $docroot		"/home/bitrix/www";

    index index.php;
    root /home/bitrix/www;

    # Include parameters common to all websites
    include bx/conf/bitrix.conf;

    # Include server monitoring API's
    include bx/server_monitor.conf;

  }

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Anton, 2018-06-21
@anton99zel

I will answer myself - you need to combine the complete chain in the reverse order of all certificates into one file

Similar questions
L
Lev K2017-07-17 17:34:13
What needs to be done with nginx so that it gives .json files over https? 1Reply
A
Alex2019-12-17 13:34:05
How to store a file with a certificate for digitally signing a program? 0Reply
M
Michael2019-12-21 20:22:59
How to avoid an address call loop when renewing an SSL certificate? 4Reply
A
Andrey Sergeev2017-07-24 17:23:35
How to fix ssl handshake error? 0Reply
M
mr_blond972015-08-24 18:40:48
centos 6.5. How to disable RC4? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question