altis 2013-10-28 15:39
Installing a Godaddy SSL certificate on Ubuntu with nginx
<div><div><span style="line-height: 20.796875px;">This post documents the process I used to buy and install a Godaddy SSL certificate.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="Green" size="3"><span style="line-height: 20.796875px;">1. Confirm the domain information</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Before buying an SSL certificate, you must own the domain that will be validated. Use whois to look up the domain's registration data, and make sure the "Administrative Contact Email" address in the whois output is correct, because the mail for the SSL certificate is sent to that address.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="DarkGreen" size="3"><span style="line-height: 20.796875px;">2. Generate the private key and CSR (certificate signing request)</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">$ <font color="RoyalBlue">openssl genrsa -aes256 -out server.key 2048</font></span></div><div><span style="line-height: 20.796875px;">(-aes256 encrypts the key, so openssl prompts for a passphrase; be sure to remember the passphrase you enter)</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">$ <font color="RoyalBlue">openssl req -new -key server.key -out server.csr</font></span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Country Name (2 letter code) [AU]: TW</span></div><div><span style="line-height: 20.796875px;">State or Province Name (full name) [Some-State]: Taiwan</span></div><div><span style="line-height: 20.796875px;">Locality Name (eg, city) []: Taichung</span></div><div><span style="line-height: 20.796875px;">Organization Name (eg, company) [Internet Widgits Pty Ltd]: ADJ</span></div><div><span style="line-height: 20.796875px;">Organizational Unit Name (eg, section) []: IT Department</span></div><div><span style="line-height: 20.796875px;">Common Name (eg, YOUR name) []: &lt;your-domain&gt; (the correct domain name must be entered here)</span></div><div><span style="line-height: 20.796875px;">Email Address []: </span></div><div><span
style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Please enter the following 'extra' attributes to be sent with your certificate request</span></div><div><span style="line-height: 20.796875px;">A challenge password []: (may be left blank)</span></div><div><span style="line-height: 20.796875px;">An optional company name []: (may be left blank)</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="DarkGreen" size="3"><span style="line-height: 20.796875px;">3. Godaddy SSL</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Godaddy SSL certificates come in two main classes, "Standard SSL" and "Deluxe SSL", each further divided into "Single Domain", "Multiple Domain" and "Unlimited Sub Domains". You can work out on the website which plan suits you best. I use Single Domain…</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">A few minutes after the purchase you will receive a message from Godaddy. Log in to the Godaddy account console, where the purchase appears under "SSL Certificates". Then set up your SSL certificate from "Pending Request". If you bought "Multiple Domain", you can set up several.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Important: if your server is not hosted on Godaddy's own services, remember to select "Third Party, or Dedicated Server or Virtual Dedicated Server" during setup.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">When Godaddy asks for the CSR (certificate signing request), paste in the entire contents of the server.csr generated earlier.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Once setup is complete, Godaddy sends an e-mail containing a verification code to the address listed in whois. Only after verification succeeds does the SSL certificate move from "Pending Request" to "Certificates".</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="DarkGreen" size="3"><span style="line-height: 20.796875px;">4. 
Download the SSL certificate</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">The download from Godaddy contains two files:</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;"> &lt;your-domain&gt;.crt</span></div><div><span style="line-height: 20.796875px;"> gd_bundle.crt</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Remember to paste the entire contents of "gd_bundle.crt" into &lt;your-domain&gt;.crt, after the server certificate; otherwise some browsers will not accept your SSL certificate.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="DarkGreen" size="3"><span style="line-height: 20.796875px;">5. Configure SSL on the server</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Have server.key and server.crt (including the contents of gd_bundle.crt) ready.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Using Nginx as an example:</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">server {</span></div><div><span style="line-height: 20.796875px;"> # the "ssl" parameter of listen replaces the obsolete "ssl on;" directive</span></div><div><span style="line-height: 20.796875px;"> listen 443 ssl;</span></div><div><span style="line-height: 20.796875px;"> server_name example.com;</span></div><div><span style="line-height: 20.796875px;"> ssl_certificate /etc/nginx/certs/server.crt;</span></div><div><span style="line-height: 20.796875px;"> ssl_certificate_key /etc/nginx/certs/server.key;</span></div><div><span style="line-height: 20.796875px;">}</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">When Nginx is restarted, it asks for the passphrase you entered earlier when generating the private key; it starts normally only if the passphrase is correct.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><font color="DarkGreen" size="3"><span style="line-height: 20.796875px;">6. 
Remove the passphrase</span></font></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Some people remove the passphrase protection for one reason or another. If you need to, run:</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">$ cp server.key server.key.org</span></div><div><span style="line-height: 20.796875px;">$ openssl rsa -in server.key.org -out server.key</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">Then use this key in place of the earlier one, and the web server will no longer ask for the passphrase each time it starts. The new server.key is stored unencrypted, so keep the file readable only by its owner.</span></div><div><span style="line-height: 20.796875px;"><br></span></div><div><span style="line-height: 20.796875px;">References:</span></div><div><span style="line-height: 20.796875px;">1. http://www.gcos.me/2013-08-08_buy-ssl-from-godaddy.html</span></div><div><span style="line-height: 20.796875px;">2. http://big5.china-code.net/ap-ccFEct-358118.html</span></div></div>
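The file handling in steps 4 to 6 can be checked before nginx is reloaded. The script below is an added example, not part of the original post: it builds server.crt in the order nginx expects, confirms the certificate belongs to server.key, and reports whether the key is still passphrase-protected. The function names and the script name check_tls.sh are made up for illustration, and it assumes &lt;your-domain&gt;.crt holds exactly one certificate.

```shell
#!/bin/sh
# Added example: checks for the files produced in steps 4-6 before nginx is
# reloaded. File names follow the article; the function names are made up here.

# Number of PEM certificates in a file ("0" if none).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Step 4: server certificate first, then gd_bundle.crt. "awk 1" ends every line
# with a newline, so a file without a final newline cannot glue its END line
# onto the next BEGIN line. Assumes <your-domain>.crt holds exactly one cert.
build_chain() {   # build_chain <your-domain>.crt gd_bundle.crt server.crt
    [ "$(count_certs "$1")" = 1 ] || { echo "$1: expected one certificate" >&2; return 1; }
    [ "$(count_certs "$2")" -ge 1 ] 2>/dev/null || { echo "$2: no certificates" >&2; return 1; }
    awk 1 "$1" "$2" > "$3"
}

# Steps 5-6: will nginx ask for a passphrase? Matches the traditional PEM
# header and the PKCS#8 form that newer OpenSSL releases write.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Step 6 leaves server.key in clear text: make it owner-only and confirm.
lock_down_key() {
    chmod 600 "$1" && [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# The first certificate in server.crt must carry the public key of server.key
# (openssl prompts for the passphrase if the key is still encrypted).
key_matches_cert() {   # key_matches_cert server.crt server.key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: sh check_tls.sh <your-domain>.crt gd_bundle.crt server.key
if [ "$#" -eq 3 ]; then
    build_chain "$1" "$2" server.crt || exit 1
    key_matches_cert server.crt "$3" || { echo "key and certificate differ" >&2; exit 1; }
    if key_is_encrypted "$3"; then echo "$3: passphrase-protected"
    else lock_down_key "$3" && echo "$3: unencrypted, mode 600"; fi
fi
```

Run it in the directory that should receive server.crt; a failed key check usually means the CSR was generated from a different server.key than the one on disk.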