SSL no Gandi
De MochilaWiki
Revisão de 00h26min de 5 de dezembro de 2015 por Banto Palmarino (discussão | contribs)
- Autentique no painel
- clique em SSL
- selecione o domínio
- clique em get
- copie o conteúdo e salve num arquivo com o nome nuevo.crt
wget https://www.gandi.net/static/CAs/GandiStandardSSLCA.pem
cat nuevo.crt GandiStandardSSLCA.pem > quijaua-me.crt
mkdir /etc/nginx/ssl/
mv quijaua-me.crt /etc/nginx/ssl/
referencias:
- https://library.linode.com/web-servers/nginx/configuration/ssl
- http://docs.nkosi.org/IRedMail_com_Nginx
- https://nicolas.perriault.net/code/2012/gandi-standard-ssl-certificate-nginx/
- http://wiki.gandi.net/en/hosting/using-linux/tutorials/ubuntu/ssl
- http://wiki.gandi.net/en/ssl/csr
- IRedMail com Nginx
- Certifcado SSL
2015
com base em
conforme
faltou
- https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know
- https://weakdh.org/
- https://en.wikipedia.org/wiki/Forward_secrecy
usar sha2
documentação atual
- http://jlecour.github.io/ssl-gandi-nginx-debian/
- https://fak3r.com/2014/08/04/howto-serve-gandi-ssl-certs-in-nginx/
- http://charlieharvey.org.uk/page/gandi_sha2_intermediate_cert_ssl_tls
no nginx ficou assim
*
server {
listen 80;
server_name quijaua.me www.quijaua.me;
access_log /var/log/nginx/iredmail-access.log;
error_log /var/log/nginx/iredmail-error.log info;
location / {
rewrite ^ https://quijaua.me/mail permanent;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/share/apache2/roundcubemail$fastcgi_script_name;
}
}
server {
listen 443;
server_name quijaua.me;
location / {
root /usr/share/apache2/;
index index.php index.html;
}
location ~ \.php$ {
root /usr/share/apache2;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name;
fastcgi_param SERVER_NAME $http_host;
fastcgi_ignore_client_abort on;
}
ssl on;
ssl_certificate /etc/nginx/ssl/quijaua-me.crt22;
ssl_certificate_key /etc/nginx/ssl/priv/myserver.key;
}