Created
November 13, 2012 20:06
startssl + nginx
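#!/usr/bin/env bash
# Step 1 of 2: build a CSR from an existing passphrase-protected RSA key,
# write a decrypted copy of that key for the web server, and print the CSR
# so it can be pasted into the CA's web form.
#
# Reads:  $APP.$HOST.encrypted.key   (must already exist, see below)
# Writes: $APP.$HOST.csr, $APP.$HOST.key
#
# NOTE(review): StartCom/StartSSL was distrusted by the major browsers and
# has since ceased issuing certificates, so the CA-specific steps are of
# historical interest only. The key and CSR handling applies to any CA.
set -eu

APP=nginx
HOST=ars
# StartSSL certificate class; not used in this step.
CLASS=2

name="$APP.$HOST"
encrypted_key="$name.encrypted.key"
csr="$name.csr"
plain_key="$name.key"

# Key generation is intentionally left as a manual step:
#echo "make key: $APP.$HOST.encrypted.key"
#openssl genrsa -des3 -out $APP.$HOST.encrypted.key 2048
if [ ! -f "$encrypted_key" ]; then
  printf 'Missing private key "%s"; generate it first.\n' "$encrypted_key" >&2
  exit 1
fi

echo "make CSR: $csr"
openssl req -new -key "$encrypted_key" -out "$csr"

echo "make decrypted key: $plain_key.pem"
# The decrypted key is the server's long-term secret. Create it under a
# restrictive umask so it is never readable by other users, not even for the
# moment between openssl writing it and the chmod below.
(
  umask 077
  openssl rsa -in "$encrypted_key" -out "$plain_key"
)
sudo chmod 400 -- "$plain_key"
sudo chown root:root -- "$plain_key"

echo "now go to https://startssl.com and log in"
# Single quotes keep the inner double quotes in the output; the original
# nested double quotes were silently dropped by the shell.
echo '"Control Panel" > "Certificates Wizard" > "Web Server SSL/TLS Certificate"'
echo "Skip Key Generation ..."
# printf, because bash's echo prints "\n" literally without -e.
printf '%s\n\n' "And paste the following CSR:"
cat -- "$csr"
echo "When you get back the CERT, paste it in the following file:"
echo "startssl.$name.cert.pem"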
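#!/usr/bin/env bash
# Step 2 of 2: download the CA's root and intermediate certificates and
# concatenate them with the issued server certificate into one bundle for
# nginx's ssl_certificate directive.
#
# Reads:  startssl.$APP.$HOST.cert.pem   (pasted in by hand after issuance)
# Writes: startssl.ca.pem, startssl.class$CLASS.ca.pem, $APP.$HOST.pem
#
# NOTE(review): StartCom/StartSSL was distrusted by the major browsers and
# has since ceased issuing certificates, so the download URLs below are
# kept for reference only and may no longer resolve.
set -eu

APP=nginx
HOST=ars
CLASS=2

name="$APP.$HOST"
leaf="startssl.$name.cert.pem"
root="startssl.ca.pem"
intermediate="startssl.class$CLASS.ca.pem"
bundle="$name.pem"

#######################################
# Download one PEM certificate and keep it only if it parses as X.509.
# Arguments: $1 - https URL, $2 - destination file
# Returns:   0 on success, non-zero if the download or the parse fails
#######################################
fetch_cert() {
  local url=$1 dest=$2 tmp
  tmp=$(mktemp "./$dest.XXXXXX") || return
  # --fail: an HTTP error page must not end up inside a .pem file.
  # --proto =https: refuse plain HTTP so the certificate cannot be swapped
  # in transit.
  if curl --fail --silent --show-error --proto '=https' -o "$tmp" -- "$url" &&
    openssl x509 -in "$tmp" -noout; then
    mv -- "$tmp" "$dest"
  else
    rm -f -- "$tmp"
    printf 'Could not fetch a valid certificate from %s\n' "$url" >&2
    return 1
  fi
}

# Fail before touching the network if the issued certificate is not there.
if [ ! -f "$leaf" ]; then
  printf 'No CERT "%s" found!\n' "$leaf" >&2
  exit 1
fi

echo "downloading startSSL's ca.pem ..."
fetch_cert "https://www.startssl.com/certs/ca.pem" "$root"

echo "downloading startSSL's sub.class$CLASS.server.ca.pem ..."
fetch_cert "https://www.startssl.com/certs/sub.class$CLASS.server.ca.pem" "$intermediate"

echo "making combined cert $bundle ..."
# Chain order matters: server certificate first, then the intermediate that
# signed it, then the root. The original put the root before the
# intermediate, which strict clients can reject as a broken chain.
cat -- "$leaf" "$intermediate" "$root" > "$bundle"

echo "Finished making SSL stuff"
echo "Now edit your config:"
# Heredoc instead of echo with "\n", which bash prints literally without -e.
# "listen 443 ssl;" replaces the deprecated standalone "ssl on;" directive.
cat <<EOF
server {
  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/$bundle;
  ssl_certificate_key /etc/nginx/ssl/$name.key;
  ...
}
EOF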