
SSL How to install ssl certificate on Centminmod?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Oct 12, 2014.

  1. pamamolf

    Hi

    I want to ask please if we have a topic here with a tutorial on how to install an SSL certificate on Centminmod?

    Also, if I want to use the certificate at www. mydomain and not at mydomain.com, should I get a wildcard certificate?

    Any free one to test on my VPS?

    Why here on the forum you don't have the green bar for SSL?

    Thanks :)
     
    Last edited: Oct 12, 2014
  2. RoldanLT

  3. eva2000

  4. Josephm

    Another question about SSL by the way; I'd like to set up my own self-signed SSL for my IP address, not domain. How can I do it?
     
  5. eva2000

    3rd post, 1st link. It is the same, as an SSL certificate is tied to a domain / subdomain, not an IP.
     
  6. Josephm

  7. eva2000

    Just set up domain DNS pointing to the IP and then the IP can use HTTPS, and as it's self-signed it will have an untrusted warning either way.
     
  8. Josephm

    Just noticed that the Nginx HTTPS / SSL Google SPDY configuration has a minor typo in
    "ssl_certificate /usr/local/nginx/conf/ssl/domain.com/yourdomain_com.crt". I think there is no dot here from your previous instruction.
     
  9. Josephm

    Done my test on localhost, worked well ;), checked SPDY 3.1 with the SPDY indicator extension from Chrome.
     
    Last edited: Oct 13, 2014
  10. eva2000

  11. Josephm

    By the way, I had a message from nginx config rewrite:
    [1013/061346:INFO:google_message_handler.cc(35)] No threading detected. Own threads: 1 Rewrite, 1 Expensive Rewrite.

    Not sure what it is from? My config file is:
    Code:
    server {
      server_name test1.com www.test1.com;
      return 301 https://$server_name$request_uri;
    }
    
    server {
      listen  443 ssl spdy;
    
      access_log off;
      # "error_log off;" does not disable logging, nginx would log to a file named "off"
      error_log /dev/null crit;
    
      index index.php index.html index.htm;
      server_name test1.com www.test1.com;
      ssl_certificate  /usr/local/nginx/conf/ssl/test1com/test1_com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/test1com/bangkey.key;
      ssl_session_cache  shared:SSL:10m;
      ssl_session_timeout  10m;
    
      # SSLv3 dropped from the posted list: it is obsolete and insecure
      ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
      # mozilla recommended
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!kEDH:!EDH:!CAMELLIA;
    
      ssl_prefer_server_ciphers  on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_stapling_verify on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/test1com/domain.com-trusted.crt;
    # ngx_pagespeed & ngx_pagespeed handler
    include /usr/local/nginx/conf/pagespeed.conf;
    include /usr/local/nginx/conf/pagespeedhandler.conf;
    include /usr/local/nginx/conf/pagespeedstatslog.conf;
    include /usr/local/nginx/conf/wordpress/general.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      root /home/nginx/domains/test1.com/public;
    
      # location matches the request URI, not the filesystem path (root is set above)
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # Shows file listing times as local time
      #autoindex_localtime on;
    
      # Enable for vBulletin usage WITHOUT vbSEO installed
      #try_files  $uri $uri/ /index.php;
    
      }
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;

    }
     
  12. eva2000

  13. pamamolf

    But is it normal to display this even if ngx_pagespeed is disabled?
     
  14. eva2000

    Yes, as long as ngx_pagespeed is integrated into nginx, even if disabled, that info message notice will show up.
     
  15. Josephm

    FYI: if you would like to redirect 404 errors to a custom page, we have to add " error_page 404 = /404.html; " under the
    https SSL SPDY vhost. For example, my code:
    Code:
    server {
      server_name test1.com www.test1.com;
      return 301 https://$server_name$request_uri;
    
    }
    
    # https SSL SPDY vhost
    server {
      listen 443 ssl spdy;
      server_name test1.com;
      access_log off;
      # "error_log off;" does not disable logging, nginx would log to a file named "off"
      error_log /dev/null crit;
      index index.php index.html index.htm;
      error_page  404 = /404.html;
    
      ssl_certificate  /usr/local/nginx/conf/ssl/test1com/test1_com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/test1com/bangkey.key;
      ssl_session_cache  shared:SSL:10m;
      ssl_session_timeout  10m;
    .............................
    
    Hi @eva2000; I wonder why you did not create the nginx .conf template with error_page included (comment #) in the vhost. However, you created these .html files in the directory?
     
  16. eva2000

    Left that to the end user to do :)
     
  17. Josephm

    Hi @eva2000; I had another question. I built 2 vhosts, test1.com and test2.com, with different SSL. Both sites are running SSL fine.
    However, these sites are running under one IP address. When I tried to enter https://1.2.3.4 for example, the browser always uses the SSL of test1.com, not test2.com.
    How can I define the default SSL for when a user enters the IP address with https?
    Thank you very much ;)
     
  18. RoldanLT

    Modify virtual.conf
     
  19. Josephm

    Thanks @RoldanLT, I tried and it worked, my virtual.conf sample:
    Code:
    server {
    #  listen  80;
      listen  80 default_server backlog=2048;
      server_name 192.168.150.129;
      return 301 https://$server_name$request_uri;
      root  html;
    }
    
    server {
      listen 443 default_server ssl spdy;
      server_name 192.168.150.129;
    
      ssl_certificate  /usr/local/nginx/conf/ssl/test3com/test3_com.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/test3com/test3_com.key;
      ssl_session_cache  shared:SSL:10m;
      ssl_session_timeout  10m;
    
      ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
      # mozilla recommended
      ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
    
      ssl_prefer_server_ciphers  on;
      add_header Alternate-Protocol  443:npn-spdy/3;
      add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
    
      # enable ocsp stapling
      #resolver 8.8.8.8 8.8.4.4 valid=10m;
      #resolver_timeout 10s;
      #ssl_stapling on;
      #ssl_trusted_certificate /usr/local/nginx/conf/ssl/test3.com/test3.com-trusted.crt;
      access_log  /var/log/nginx/localhost.access.log  main buffer=32k;
      error_log  /var/log/nginx/localhost.error.log  error;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
    # limit_conn limit_per_ip 16;
    # ssi  on;
    
      location / {
    
    # block common exploits, sql injections etc
    #include /usr/local/nginx/conf/block.conf;
    
    #  Enables directory listings when index file not found
    #  autoindex  on;
    
    #  Shows file listing times as local time
    #  autoindex_localtime on;
    
    #  Enable for vBulletin usage WITHOUT vbSEO installed
    #  try_files  $uri $uri/ /index.php;
    
      }
    
      # example nginx-http-concat
      # /csstest/??one.css,two.css
      #location /csstest {
      #concat on;
      #concat_max_files 20;
      #}
    
    include /usr/local/nginx/conf/staticfiles.conf;
    include /usr/local/nginx/conf/php.conf;
    #include /usr/local/nginx/conf/phpstatus.conf;
    include /usr/local/nginx/conf/drop.conf;
    #include /usr/local/nginx/conf/errorpage.conf;
    
      }
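
An added example, not part of any post in this thread and not Centmin Mod's own tooling: a small Python check for the settings that differ between the vhost as originally posted in post 11 and the virtual.conf in post 19 (SSLv3, RC4 and 3DES suites, `error_log off`, and a TLS listener without `default_server`, which is why the IP request in post 17 got test1.com's certificate). The embedded configs are constructed excerpts with shortened cipher lists, the names `directives`, `audit` and `WEAK` are hypothetical, and cipher aliases such as HIGH are not expanded.

```python
import re

# Constructed excerpts of the two TLS vhosts as originally posted (cipher lists shortened).
POST_11 = """
server {
  listen 443 ssl spdy;
  error_log off;
  ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!DES:!3DES:!MD5;
}
"""
POST_19 = """
server {
  listen 443 default_server ssl spdy;
  error_log /var/log/nginx/localhost.error.log error;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!DES:!RC4:!MD5;
}
"""

# Weak cipher families (hypothetical table): family name -> substring in suite names.
WEAK = {"RC4": "RC4", "3DES": "DES-CBC3"}

def directives(conf):
    """Yield (name, args) for each 'name arg ...;' directive, comments stripped."""
    for m in re.finditer(r"^\s*([a-z_]+)\s+([^;{}]+);", re.sub(r"#.*", "", conf), re.M):
        yield m.group(1), m.group(2).split()

def audit(conf):
    """Return findings for one config; aliases such as HIGH are not expanded."""
    findings, tls_listens = [], []
    for name, args in directives(conf):
        if name == "listen" and "ssl" in args:
            tls_listens.append(args)
        elif name == "error_log" and args == ["off"]:
            findings.append("error_log off: nginx logs to a file named 'off'")
        elif name == "ssl_protocols":
            findings += [f"obsolete protocol: {p}" for p in args if p in ("SSLv2", "SSLv3")]
        elif name == "ssl_ciphers":
            tokens = args[0].split(":")
            for family, marker in WEAK.items():
                # A suite counts only if listed by name and its family is not "!"-excluded.
                listed = any(marker in t and not t.startswith("!") for t in tokens)
                if listed and f"!{family}" not in tokens:
                    findings.append(f"weak cipher family enabled: {family}")
    if tls_listens and not any("default_server" in a for a in tls_listens):
        findings.append("no default_server on a TLS listen: first vhost's certificate is used")
    return findings

print(audit(POST_11), audit(POST_19), sep="\n")
```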
    
     
  20. RoldanLT

    I think you must put your host name also.