{"id":3383,"date":"2015-09-23T23:31:23","date_gmt":"2015-09-23T22:31:23","guid":{"rendered":"https:\/\/blog.ed.gs\/?p=3383"},"modified":"2015-09-23T23:31:23","modified_gmt":"2015-09-23T22:31:23","slug":"wordpress-self-signed-ssl-certificates","status":"publish","type":"post","link":"https:\/\/ed.gs\/2015\/09\/23\/wordpress-self-signed-ssl-certificates\/","title":{"rendered":"CloudFlare WordPress Self Signed SSL Certificates"},"content":{"rendered":"

I use CloudFlare to secure and speed up every site I’m involved in; it’s a no-brainer as it’s free and provides security protection, caching and free SSL for all of your sites. I decided to turn on their Full SSL setting today after creating my own self-signed SSL certificate. Previously I had been using their Flexible SSL, which required no SSL on the host server as they provided the certificate and it never had to touch your server. <\/p>\n

The problem with Flexible SSL is that the connection between the client and CloudFlare is secure, but the connection between CloudFlare and the host server isn’t. Enabling Full SSL secures it end to end, and you can use a self-signed certificate in the process. There is also the Strict SSL setting, which requires a validated SSL certificate from a proper authority, but I’m not buying a wildcard certificate + certs for all the domains I host, so Full SSL + self-signed SSL is fine for me. It seems to have improved the speed massively doing this, not sure if it’s due to it trying HTTPS at my server first and then falling back to HTTP, but it’s noticeably faster now.<\/p>\n

Here’s what I did:<\/p>\n

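\n# Directory for the origin certificate and key\nmkdir -p /etc/nginx/ssl && cd /etc/nginx/ssl\n\n# 2048-bit RSA private key\nopenssl genrsa 2048 > edgs-wildcard.key\n\n# Self-signed certificate valid for 10 years, signed with SHA-256 rather than the deprecated SHA-1\nopenssl req -new -x509 -nodes -sha256 -days 3650 -key edgs-wildcard.key > edgs-wildcard.cert\n<\/pre>\n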

Fill in the fields as required, but make sure to set the Common Name to your wildcard domain, e.g. *.ed.gs, or just go the whole hog and use * on its own to allow any domain.<\/p>\n

\ncat edgs-wildcard.cert edgs-wildcard.key > edgs-wildcard.pem\n\n# Both files contain the private key, so restrict them to the owner (root)\nchmod 600 edgs-wildcard.key edgs-wildcard.pem\n<\/pre>\n

Now you need to edit \/etc\/nginx\/nginx.conf and add into the http{} block:<\/p>\n

\nssl_prefer_server_ciphers on;\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;\nssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';\n\nssl_certificate      /etc/nginx/ssl/edgs-wildcard.pem;\nssl_certificate_key  /etc/nginx/ssl/edgs-wildcard.key;\nresolver 8.8.4.4 8.8.8.8 valid=300s;\nresolver_timeout 10s;\n\nssl_session_cache shared:SSL:32m;\nssl_buffer_size 8k;\nssl_session_timeout 15m;\n<\/pre>\n

Now go into your sites-enabled file, e.g. edgs.conf, and add a new listening port for SSL:<\/p>\n

\nlisten 443 deferred ssl spdy;\n<\/pre>\n

Test nginx to make sure the config works ok:<\/p>\n

\nnginx -t\n<\/pre>\n

If everything is working correctly then you can restart nginx:<\/p>\n

\n/etc/init.d/nginx restart\n<\/pre>\n

You can now set Full SSL in Cloudflare and test it’s all working correctly.<\/p>\n

The last bit you need to do to let WordPress accept self-signed certificates is create a plugin with the following and enable it, e.g. \/var\/www\/wp-content\/plugins\/custom\/custom.php<\/b>:<\/p>\n

\n\n<\/pre>\n

It may be worth adding your primary domain to the \/etc\/hosts<\/b> file also so it knows to check locally:<\/p>\n

\n127.0.0.1 ed.gs\n<\/pre>\n

That should be it. Now when you connect to your site you should notice it being faster; it should also fix any errors you have during the Upgrade WordPress task as it cycles through your sites to update them.<\/p>\n

As usual give me a shout below if you need any help.<\/p>\n","protected":false},"excerpt":{"rendered":"

I use CloudFlare to secure and speed up every site I’m involved in, it’s a no-brainer as it’s free and provides security protection, caching and free SSL for all of your sites. I decided to turn on their Full SSL setting today after creating my own self signed SSL certificate, previously I had been using […]<\/p>\n","protected":false},"author":2,"featured_media":3575,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false},"categories":[16,46,72],"tags":[],"yoast_head_json":{"author":"Ed"}}