介绍
MySSL.com 是亚洲诚信(TrustAsia®)应用于HTTPS最佳安全实践的SSL安全评估系统和在线证书工具集。
亚洲诚信(TrustAsia®)是亚数信息科技(上海)有限公司应用于信息安全领域的品牌。这其中包括国际第一大品牌赛门铁克(Symantec™)SSL数字证书、代码签名证书,技术支持与售后服务等, 还拥有世界领先的亚洲诚信(TrustAsia®)自主知识产权的 SSL安全评估系统、SSL证书MPKI™管理平台、SSL证书云安全(SSLCloud™)监控检测平台,以及先进的《加密无处不在》网络安全综合解决方案、 密钥保护安全解决方案等一系列网络信息安全管理解决方案。
证书申请
IT基础设施:在CentOS7中为nginx布署免费SSL证书
IT基础设施:使用acme.sh申请免费泛域名证书
配置代码
upstream heibing
{
server 127.0.0.1:12345;
}
server {
server_name www.heibing.org;
listen 80;
location /
{
proxy_pass http://heibing;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
server_name www.heibing.org;
client_max_body_size 50M;
location /
{
proxy_pass http://heibingwww;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
listen 443 ssl;
ssl on;
ssl_certificate /etc/ssl/www.heibing.org.pem;
ssl_certificate_key /etc/ssl/www.heibing.org.pem;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
add_header Strict-Transport-Security "max-age=31536000";
}