Skip to content

Instantly share code, notes, and snippets.

@defel
Last active August 29, 2015 14:03
Show Gist options
  • Save defel/47455f03f35716d9f964 to your computer and use it in GitHub Desktop.
Save defel/47455f03f35716d9f964 to your computer and use it in GitHub Desktop.
SmartOS/nginx: install CaCert Class-3 SSL Certificate
# get root.crt and class3 cert from cacert
curl http://www.cacert.org/certs/root.crt > cacert.root.class3.crt
curl http://www.cacert.org/certs/root.crt > cacert.root.class3.crt
# chain page certificate and cacert class3
cat www.example.com.crt cacert.root.class3.crt > www.example.com.chained.crt
# copy cert and key to nginx config-dir
cp www.example.com.chained.crt /opt/local/etc/nginx/ssl/.
cp www.example.com.pem /opt/local/etc/nginx/
# change owner and rights of the keys and certs
chown www:root /opt/local/etc/nginx/ssl/www.example.com.chained.crt
chown www:root /opt/local/etc/nginx/ssl/www.example.com.pem
chmod 600 /opt/local/etc/nginx/ssl/www.example.com.chained.crt
chmod 600 /opt/local/etc/nginx/ssl/www.example.com.pem
# [...]
http {
# [...]
server {
# [...]
listen 443 ssl;
server_name www.example.com;
server_tokens off;
root www/example;
ssl_certificate ssl/www.example.com.chained.crt;
ssl_certificate_key ssl/www.example.com.pem;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# [...]
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment