SSL证书安装指南 - Resin
一旦您申请的SSL证书成功颁发,您会收到一个Email通知您取回证书,点击邮件中的取回证书链接,就可以得到您的证书。直接复制页面的显示的证书公钥文件,并用记事本另存为 mycert.crt 即可。 同时,您还需要下载中级根证书和交叉签名根证书,另存为:intermediate.cer 和 ca1_xs.cer,放到与 www.mydomain.com.crt 同一个目录即可。点击 这里 下载交叉签名根证书;如果你购买的是 OV超真SSL 系列证书,请点 这里 下载中级根证书;如果你购买的是 DV超快SSL 系列证书,请点 这里 下载中级根证书;如果你购买的是 EV超安SSL 系列证书,请点 这里 下载中级根证书。
2. 导入证书 Import the certificate
请使用以下命令导入交叉根证书到您的Keystore中:
Use the keytool command to import the root certificates as follows:
keytool -import -trustcacerts -alias root -file ca1_xs.cer -keystore [keystore_name]
请使用以下命令导入WoSign中级根证书到您的Keystore中:
Use the same process for the WoSign certificate using the keytool command:
keytool -import -trustcacerts -alias INTER -file intermediate.cer -keystore [keystore_name]
请使用以下命令导入您的证书到您的Keystore中,其中:
Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string:
keytool -import -trustcacerts -alias [keyEntry_name] -file mycert.crt -keystore [keystore_name]
请注意:如果您在生成 keystore 没有指定名称,则不需要 -keystore 选项。
Note: If you did not specify a keystore name when the keystore was originally generated please omit the -keystore parameter from the command)
在运行此命令时会提示您输入密码,也就是您在生成 keystore 时设置的密码。
When you execute this command you will be prompted for the keystore password, please specify the password you set when you generated the keystore.
3. 修改Resin配置文件(resin.conf), Edit the Resin configuration file (resin.conf)
检查和修改配置文件resin.conf:
.........
Resin 在文件resin.conf中保存SSL配置信息,请确保Resin能正常读取keystore文件和密码,并且8443端口已经打开。
Resin keeps its configuration information in a resin.conf file, make sure Resin is reading the correct keystore file and keystore password and that port 8443 is enabled for secure connections.
请检查和修改keystoreFile的目录正确和keystore密码正确。
Please make sure the ‘keystoreFile' directive is referencing the correct keystore and the 'KeystorePass' directive is referencing the correct keystore password.
请保存配置文件,重新启动Resin。
Please save the changes and stop and start Resin.
4. 完成配置 Setup the server
请一定要分配8443端口和一个固定的IP地址给主机(注意:防火墙一定要开放8443端口TCP)。
Make sure you assign port 8443 and a unique ip address to the virtual host.Note: If the server is behind a firewall please make sure port 8443 has been enabled on the firewall.
在浏览器地址栏输入:https://yourdomain.com(申请证书的域名)测试您的SSL证书是否安装成功,如果成功,则浏览器下方会显示一个安全锁标志。请注意:如果您的网页中有不安全的元素,则会提供“是否显示不安全的内容”,建议修改网页删除不安全的内容。
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.