Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nginx ssl config

The process starts by creating the CSR and the private key:

openssl req -nodes -newkey rsa:2048 -nodes -keyout dotmarks.net.key -out dotmarks.net.csr -subj "/C=GB/ST=London/L=London/O=dotmarks/OU=IT/CN=dotmarks.net"

Generates

  • dotmarks.net.key
  • dotmarks.net.csr

After validation, you will get a zip file with 4 files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • dotmarks_net.crt

We have to create a certificate with all the intermediate certs.

# order is important!
cat dotmarks_net.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > dotmarks.pem

To avoid the error peer certificate cannot be authenticated with given ca certificates, remove the externalCA:

cat dotmarks_net.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt  > dotmarks.pem

Once we have this pem file, we can configure nginx:

ssl    on; 
ssl_certificate         /etc/nginx/ssl/dotmarks.net/dotmarks.pem;
ssl_certificate_key     /etc/nginx/ssl/dotmarks.net/dotmarks.net.key;

Then you just have to restart nginx:

sudo service nginx reload sudo service nginx restart

@sveba

This comment has been minimized.

Copy link

commented Sep 16, 2014

great. You saved my day. Thanks!

@robertu7

This comment has been minimized.

Copy link

commented Oct 24, 2014

Awesome. Thanks !

@dmtw

This comment has been minimized.

Copy link

commented Nov 27, 2014

THX. Timesaver!

@gonzunigad

This comment has been minimized.

Copy link

commented Jan 10, 2015

awsome!

@denniss

This comment has been minimized.

Copy link

commented Jan 18, 2015

You're a lifesaver

@k00k

This comment has been minimized.

Copy link

commented Jun 18, 2015

+1 Thanks!

@apocat

This comment has been minimized.

Copy link

commented Jan 3, 2016

Thanx!

@rbchain

This comment has been minimized.

Copy link

commented Mar 28, 2018

awsome! I've wasted many hours to fix "SSL error on Android Chrome browser".
Ultemately this step fixed the issue.Thank you

@BrunoVillanova

This comment has been minimized.

Copy link

commented Jan 29, 2019

Thanks man!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.