Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Dmitry Averin2015-08-13 22:38:28
Nginx
Dmitry Averin, 2015-08-13 22:38:28

How to properly configure Nginx with WoSign certificate to get A+?

Hello! How to properly configure Nginx 1.8.0 with WoSign certificate to get A+? Debian 7. Configured according to the instructions from Habr and this blog . When checking, I get a maximum of B. One of the recommendations about the intermediate certificate. I tried to specify only it - the result does not change. Thanks

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
E
Ergil Osin, 2015-08-13
@averuga

Like this ?
Well here is an example from my config.
A+, as you can see in the test.

add_header Strict-Transport-Security "max-age=31536000";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
  ssl                  on;
  ssl_protocols        TLSv1.2;
  ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
  ssl_session_cache    shared:SSL:10m;
  ssl_verify_client    off;
  ssl_session_timeout  5m;
  ssl_prefer_server_ciphers on;
  ssl_ecdh_curve secp521r1;
  ssl_dhparam /path/to/dh.key;
  ssl_certificate /path/to/ssl.crt;
  ssl_certificate_key /path/to/ssl.key;
  ssl_trusted_certificate /path/to/ssl.bundle;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_stapling_responder http://ocsp2.wosign.cn/ca2g2/server1/free;
  resolver 8.8.8.8;
  ssl_session_tickets on;
  ssl_session_ticket_key /path/to/ticket.key;

Report
T
TyzhSysAdmin, 2015-08-13
@POS_troi

habrahabr.ru/post/252821

Report
A
Andrey Berezhnoy, 2015-08-13
@AndreyBerezhnoy

But it was interesting. Are these certificates reliable? How about browser support?

Report
D
Dmitry Averin, 2015-08-13
@averuga

I received two files for Nginx from VuSin:
1_domen.ru_bundle.crt
2_domen.ru.key
Correctly, I understand that they should be referenced here:
ssl_certificate /path/to/ssl.crt;
ssl_certificate_key /path/to/ssl.key;
What should be indicated here? :
ssl_dhparam /path/to/dh.key;
ssl_trusted_certificate /path/to/ssl.bundle;
Sorry for the noob questions - I'm just learning. And got confused.

Similar questions
N
Nikita2019-12-07 16:33:20
Why does "tbody" "tfoot" stop rowspan from working? 2Reply
V
VITYA-XY12020-12-13 17:48:06
Why after setting proxy_set_header Connection "Upgrade"; Do all response headers disappear from Responce? 1Reply
R
Rafail Dunyashev2016-11-01 10:04:50
How to put a stub page for "a in denied error"? 1Reply
P
Peter2016-11-02 14:33:31
Why doesn't nginx write access_log? 2Reply
D
dvachek2016-11-02 22:22:41
Nginx gives 502 for no reason, what to do? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question