Currently Viewing Posts Tagged positive ssl

Renew the SSL Certificate for Yinfor.com

I just renewed the SSL certificate. The cheapest DV SSL certificate I found is from GoGetSSL.com.

I paid by paypal. The price is so good. US$7.90 for two years. Comodo PositiveSSL.

After I installed the certificate on my blog. I check the certificate by clicking on the lock icon on the address bar. It is not shown as Comodo, but Sectigo.

Look at the old certificate.

Details of certificates

Continue reading “Renew the SSL Certificate for Yinfor.com”

Add my Blog to HSTS preload list

Now my Blog, David Yin Blog is https encrypted . And it is also HSTS enabled. And latest, it is HSTS preload enabled.

It has three layers meaning.

  1. https support.
  2. HSTS enabled.
  3. HSTS preload enabled.

Let me explain them one by one.

First, add https support. I did this step on Feb. 2016, when I announced that SSL added. I recorded how I get the SSL certificate and install it on Nginx web server.

After that, all content send back and force from my Blog to an audience is encrypted. Even ISP can not read the content from the data traffic.

comodo-positive ssl-certificate

Second, I add the HSTS into the Nginx configuration, to make it more secure.

What is HSTS?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,[1] and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797

Continue reading “Add my Blog to HSTS preload list”

SSL added

To provide higher security and better privacy protection, I added SSL certificate on my Blog, here.

When you enter the url of my blog: http:///www.yinfor.com/, it will redirect you to the SSL version, https://www.yinfor.com/

The certificate is purchased from gogetssl.com , three years certificate of Comodo PositiveSSL.

The latest price is $13.15/3years.

comodo_secure_100x85_white

Look at the comodo secure lock, it is a site seal.

Continue reading “SSL added”

Certificate Installation: NGINX with Comodo SSL

Here is the guide to show you how to install the Comodo SSL certificate in Nginx.

  1. Order Comodo Certificate. And received the Certificate files.
    I don’t discuss how to get it, where to get it. It is another topic. You will receive following files.
    Positive SSL certificate, it is a zip file emailed to you. Unzip it and get four files.
    PositiveSSL-Shalom-Campus1

    • Root CA Certificate – AddTrustExternalCARoot.crt
    • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
    • Your PositiveSSL Certificate – www_example_com.crt (or the subdomain you gave them)
  2. Make the file for Nginx
    cat  www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > your_domain_crt.pem 

    I just need your certificate and intermediate certificates. Root is already installed in every single computer or browser. The order of certificates is important.

  3. Save this file into the place you want Nginx use
    mv your_domain_crt.pem /etc/nginx/ssl/
  4. Save your private key in the same place
    mv your_domain_key.pem
  5. Make sure your Nginx config file looks like below
    server {
    listen 443 ssl;
    
    ssl_certificate /etc/nginx/ssl/your_domain_crt.pem;
    ssl_certificate_key /etc/nginx/ssl/your_domain_key.pem;
    
    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
    # ...
    
    }
  6. Reload Nginx and check if it works by enter https://www.your_domain.com/
  • Archives