Now that Google is giving raking boosts to websites and blogs using https, many webmasters are figuring ways to implement SSL for that WordPress websites.
This blog post is going to show you how to enable SSL or HTTPS for WordPress easily so your site can begin ranking well in Google search results.
In this blog post, I am going to show you how to create a self-signed certificate to test your site with and if everything is working, you can then acquire a real SSL certificate for your site or blog.
Using a self signed certificate allows you to test your settings before implementing general SSL for your websites. Switching from self-signed to general SSL isn’t difficult, and if the self-signed certificates work in your environment, then the general SSL certificate should also work.
When you’re ready, go and configure a self-signed certificate for your site. To do this in CentOS, continue with the steps below.
First, satisfy all WordPress requirements. You should install a web server (Nginx for the post), database server and PHP modules and scripts.
To do that, run the commands below.
yum -y install mysql-server mysql-client php php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel php-mysql
To install Nginx web server, run the commands below to enable this repository.
rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
Then run the commands below to install nginx
yum install nginx
Next, create a SSL directory to host your SSL certificates. To do that, run the commands below
mkdir /etc/nginx/ssl
Then change into that SSL directory to create the server private keys along with other certificates.
cd /etc/nginx/ssl
Next, create the server private certificate. This is the server private key which can be used along with the certificate signing request to generate an SSL certificate.
To create the server private key, run the commands below.
sudo openssl genrsa -des3 -out server.key 2048
Then run the commands below to generate a certificate signing request key using the server private key to create a SSL certificate.
sudo openssl req -new -key server.key -out server.csr
When you run the above commands, you should prompted with some questions about the entity when creating the certificate. Use the tips below to answer
- Common Name: The fully-qualified domain name, or URL, you’re securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com. - Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
- Organization Unit: If applicable, enter the DBA (doing business as) name. If you’re securing a single blog, then type the blog owner’s name here.
- City or Locality: Name of the city where your organization is registered/located.
- State or Province: Name of the state or province where your organization is located.
- Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
After that, both the server.key and server.crt should be created and installed in the /etc/nginx/ssl directory.
If you don’t want to continuously type the passphrase for the server key every time you reboot or restart Nginx, you must remove it. To do that, run the commands below.
sudo cp server.key server.key.orig
sudo openssl rsa -in server.key.orig -out server.key
Next, sign the certificate to be valid for 365 days or one year.
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Finally, go to Nginx default site configuration file and enter these lines in the server block.
server {
listen 443;
server_name example.com;
root /usr/share/nginx/www;
index index.html index.htm index.php;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
}
Now all you have to do is upload WordPress content to the DocumentRoot directory and configure. Also, make sure you have also created a database and database user to connect with.
To learn how to install WordPress, read this post.
You’ll also want to enable post 443 through the firewall.
If you can get WordPress working with this setup, then adding secure general certificate should also work. All you have to do when you have registered for a secure SSL is to change the ssl_certificate and ssl_certificate_key to reference the new files.
Enjoy!