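How to get a website's HTTPS rating to A or A+
Environment: CentOS Linux release 7.5.1804 (Core), nginx/1.10.0
Requirement: the company website was only rated B on myssl and needs to be raised to A+
The steps are as follows:
1. The nginx configuration file is as follows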
server {
    listen 443;
    keepalive_timeout 70;
    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/full_chain_rsa.crt;
    ssl_certificate_key /usr/local/nginx/conf/ssl/private.key;
    ssl_session_timeout 1m;

    ssl_stapling on;
    ssl_stapling_verify on; # Requires nginx >= 1.3.7
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    ssl_session_cache shared:SSL:1m;
    ssl_session_tickets off; # Requires nginx >= 1.5.9
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    add_header Strict-Transport-Security "max-age=80720000; preload";

    server_name test.hb2018.com;
    root /var/www/web/hb2018.ssl;
    location / {
    }
}
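2. Change to the SSL certificate directory that nginx points to, /usr/local/nginx/conf/ssl/, then upload the certificate files and generate the DH parameters
Put the 3 files ca_bundle.crt, certificate.crt and private.key in the ssl directory
In this ssl directory, run the command openssl dhparam -out dhparam.pem 2048
When the command finishes it produces a dhparam.pem file, so the certificate directory now holds 4 files: ca_bundle.crt, certificate.crt, private.key and dhparam.pem
3. Go to the myssl website, click the toolbox, then click certificate chain download
Run the curl command shown in the screenshot above on the server to download the certificate chain; the file is named full_chain_rsa.crt
The ssl directory now holds 5 files: ca_bundle.crt, certificate.crt, private.key, dhparam.pem and full_chain_rsa.crt
Rate the site on myssl again: the rating has gone from B to A+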
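A rating is only a summary, so it helps to check the individual directives from step one as well. The following is an added example, not part of the original article: a small auditor for the TLS-related directives of an nginx server block. The function names and finding codes are hypothetical, and SAMPLE_CONF is constructed from the configuration shown in step one.

```python
import re

# Constructed sample: the TLS directives of the server block from step one.
SAMPLE_CONF = """
server {
    ssl_stapling on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_dhparam /usr/local/nginx/conf/ssl/dhparam.pem;
    add_header Strict-Transport-Security "max-age=80720000; preload";
}
"""

def directives(conf):
    """Map directive name -> list of argument strings (one-line directives only)."""
    found = {}
    for line in conf.splitlines():
        m = re.match(r"([a-z_]+)\s+(.*?);$", line.split("#", 1)[0].strip())
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def audit(conf):
    """Return sorted finding codes (hypothetical names) for the TLS settings in conf."""
    d, findings = directives(conf), set()
    if {"TLSv1", "TLSv1.1"} & set(" ".join(d.get("ssl_protocols", [])).split()):
        findings.add("legacy-protocol")  # TLS 1.0/1.1 are deprecated by RFC 8996
    if re.search(r"EDH|(?<!EC)DHE", " ".join(d.get("ssl_ciphers", []))) and "ssl_dhparam" not in d:
        findings.add("dhe-without-dhparam")  # DHE suites listed, no ssl_dhparam file
    if "on" in d.get("ssl_stapling", []) and "resolver" not in d:
        findings.add("stapling-without-resolver")  # may be set in http{} instead
    hsts = [a.lower() for a in d.get("add_header", [])
            if a.lower().startswith("strict-transport-security")]
    if not hsts:
        findings.add("hsts-missing")
    for value in hsts:
        age = re.search(r"max-age=(\d+)", value)
        if not age or int(age.group(1)) < 31536000:
            findings.add("hsts-max-age-under-1y")
        if "preload" in value and "includesubdomains" not in value:
            findings.add("hsts-preload-without-includesubdomains")
        if not value.endswith(" always"):
            findings.add("hsts-without-always")  # header is skipped on 4xx/5xx
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The auditor only sees the text it is given, so a resolver set at the http level is reported as missing unless that block is included in the input.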