openssl genrsa -des3 -out do2.key 2048
Убираю пароль:
cp do2.key do2_original.key
openssl rsa -in do2_original.key -out do2_without_pass.key
openssl req -new -key do2.key -out ivan.bessarabov.csr
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:bessarabov
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:ivan.bessarabov.ru
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1209
cat ivan_bessarabov_ru.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ivan.bessarabov.ru.ca-bundle
server {
listen 80;
server_name ivan.bessarabov.ru;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443;
server_name ivan.bessarabov.ru;
ssl on;
ssl_certificate /etc/nginx/ssl/ivan.bessarabov.ru.ca-bundle;
ssl_certificate_key /etc/nginx/ssl/do2_without_pass.key;
access_log /var/log/nginx/ivan.bessarabov.ru.access.log;
location / {
...
}
}