bessarabov/gist:8158240

## gistfile1.md

      
    Raw
  

              gistfile1.md
            
          
    server

https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
openssl genrsa -des3 -out do2.key 2048

Убираю пароль:
cp do2.key do2_original.key
openssl rsa -in do2_original.key -out do2_without_pass.key

ivan.bessarabov.ru

openssl req -new -key do2.key -out ivan.bessarabov.csr

Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:bessarabov
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:ivan.bessarabov.ru
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

bungle

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1209
cat ivan_bessarabov_ru.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ivan.bessarabov.ru.ca-bundle

nginx

server {
    listen   80;
    server_name  ivan.bessarabov.ru;

    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen   443;

    server_name  ivan.bessarabov.ru;

    ssl on;

    ssl_certificate /etc/nginx/ssl/ivan.bessarabov.ru.ca-bundle;
    ssl_certificate_key /etc/nginx/ssl/do2_without_pass.key;

    access_log  /var/log/nginx/ivan.bessarabov.ru.access.log;

    location / {
        ...
    }


}