Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Averin2015-08-13 22:38:28
Nginx
Dmitry Averin, 2015-08-13 22:38:28

How to properly configure Nginx with WoSign certificate to get A+?

Hello! How to properly configure Nginx 1.8.0 with WoSign certificate to get A+? Debian 7. Configured according to the instructions from Habr and this blog . When checking, I get a maximum of B. One of the recommendations about the intermediate certificate. I tried to specify only it - the result does not change. Thanks

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
E
Ergil Osin, 2015-08-13
@averuga

Like this ?
Well here is an example from my config.
A+, as you can see in the test.

add_header Strict-Transport-Security "max-age=31536000";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  ssl                  on;
  ssl_protocols        TLSv1.2;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache    shared:SSL:10m;
  ssl_verify_client    off;
  ssl_session_timeout  5m;
  ssl_prefer_server_ciphers on;
  ssl_ecdh_curve secp521r1;
  ssl_dhparam /path/to/dh.key;
  ssl_certificate /path/to/ssl.crt;
  ssl_certificate_key /path/to/ssl.key;
  ssl_trusted_certificate /path/to/ssl.bundle;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_stapling_responder http://ocsp2.wosign.cn/ca2g2/server1/free;
  resolver 8.8.8.8;
  ssl_session_tickets on;
  ssl_session_ticket_key /path/to/ticket.key;

Report
T
TyzhSysAdmin, 2015-08-13
@POS_troi

habrahabr.ru/post/252821

Report
A
Andrey Berezhnoy, 2015-08-13
@AndreyBerezhnoy

But it was interesting. Are these certificates reliable? How about browser support?

Report
D
Dmitry Averin, 2015-08-13
@averuga

I received two files for Nginx from VuSin:
1_domen.ru_bundle.crt
2_domen.ru.key
Correctly, I understand that they should be referenced here:
ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
What should be indicated here? :
ssl_dhparam /path/to/dh.key;
ssl_trusted_certificate /path/to/ssl.bundle;
Sorry for the noob questions - I'm just learning. And got confused.

Similar questions
I
Ingerniated2017-05-30 20:25:42
Will Soviet speakers fit a foreign amplifier? 3Reply
B
bituke2021-05-26 10:08:52
How to quickly deploy someone else's django project? 4Reply
7
7761662019-01-21 15:33:28
How to properly redirect nginx from http to https? 1Reply
A
Anton_a462020-10-30 14:08:22
The site does not work on SSL + H2, it works without H2. What could be the problem? 2Reply
N
Nikolay Baranenko2020-10-30 21:49:08
How to hardcode a request from https to http? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question