Install the SSL server certificate on KUSANAGI
Combine the server.crt and intermediate.crt files into one file and install it on KUSANAGI.
This means you will add the contents of intermediate.crt onto the end of server.crt so they are one continuous file. Name the new file "connected.crt".
-----BEGIN CERTIFICATE----- MIIFjTCCBHWgAwIBAgIQNP91sDHHDXnuA0Ah99PD3TANBgkqhkiG9w0BAQsFADBC (Abbreviated) hsFI9+pXMeJhRhiiZr4qiriPlfN1u4vJKZLDJvhSLgM2 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIETTCCAzWgAwIBAgIDAjpxMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT (Abbreviated) Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4lecWLVtXjCYDqwSfC2Q7sRwrp0Mr8 2A== -----END CERTIFICATE-----
Save the connect.crt file and the server.key file that you generated first in /etc/kusanagi.d/ssl. In this article, we chose those file names out of convenience, but if you have multiple profiles on your virtual host, name the files differently for each profile.
Nginx and Apache settings
The settings files for Nginx and Apache are created during provisioning. If you completed WordPress provisioning on KUSANAGI, a file named "[profile name]_ssl.conf" will be saved in /etc/nginx/conf.d/ for Nginx, and in /etc/httpd/conf.d/ for Apache. Replace the parts of the setting file related to the private key and SSL server certificate as follows:
Example for the Nginx setting file “/etc/nginx/conf.d/[profile name]_ssl.conf”
(Abbreviated) ssl_certificate /etc/kusanagi.d/ssl/connected.crt; ssl_certificate_key /etc/kusanagi.d/ssl/server.key; (Abbreviated)
Example for the Apache setting file "/etc/httpd/conf.d/[profile name]_ssl.conf"
(Abbreviated) SSLCertificateFile /etc/kusanagi.d/ssl/connected.crt SSLCertificateKeyFile /etc/kusanagi.d/ssl/server.key (Abbreviated)
Activate the settings
Use the command below to activate the settings.
kusanagi ssl --https redirect --hsts weak
We have now created a WordPress environment with a business SSL server certificate, with HTTP/2 and Always-On SSL.
This time, we built a new WordPress site with Always-On SSL and explained how to get it up and running. If you have an existing WordPress site using the HTTP protocol and you want to apply Always-On SSL, some careful attention is needed. As was explained last time, if any HTTP requests to external resources are made in the database or files on your current WordPress site, they must be edited individually.
Next time, we will introduce techniques for switching a WordPress site that uses the HTTP protocol to Always-On SSL.
