@marvindanig
Forked from ipedrazas/gist:6d6c31144636d586dcc3
Last active August 29, 2015 14:10
How to chain PositiveSSL Certificates with Nginx

The process starts by creating the CSR and the private key:

openssl req -newkey rsa:2048 -nodes -keyout dotmarks.net.key -out dotmarks.net.csr -subj "/C=GB/ST=London/L=London/O=dotmarks/OU=IT/CN=dotmarks.net"

This generates:

  • dotmarks.net.key
  • dotmarks.net.csr

After validation, you will get a zip file with 4 files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • dotmarks_net.crt

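nginx reads the server certificate and its chain from a single file, so we have to create one certificate file that contains our certificate followed by all the intermediate certs.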

# order is important!
cat dotmarks_net.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > dotmarks.pem
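To confirm the order before nginx loads the file, the following added example (not part of the original gist) checks that each certificate in the bundle names the next one as its issuer and that the private key belongs to the first certificate. The function name check_bundle is an assumption made for this example; it compares issuer and subject names only and does not verify signatures or expiry.

```shell
#!/bin/sh
# check_bundle BUNDLE KEY  (hypothetical helper, added for illustration)
# Returns 0 when BUNDLE is leaf-first, every certificate names the next one
# as its issuer, and KEY is the private key of the first certificate.
check_bundle() {
    bundle=$1; key=$2; rc=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate, keeping file order;
    # awk prints the number of certificates it found on stdout.
    count=$(awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert%03d.pem", d, n) }
        n { print > f }
        END { print n + 0 }' "$bundle")
    if [ "$count" -lt 1 ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"
        return 2
    fi

    # Walk the chain: issuer name of certificate i must equal subject name of i+1.
    i=1
    while [ "$i" -lt "$count" ]; do
        cur=$(printf '%s/cert%03d.pem' "$tmp" "$i")
        nxt=$(printf '%s/cert%03d.pem' "$tmp" "$((i + 1))")
        if [ "$(openssl x509 -in "$cur" -noout -issuer_hash)" != \
             "$(openssl x509 -in "$nxt" -noout -subject_hash)" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done

    # The key must match the first (server) certificate; compare public keys.
    cert_pub=$(openssl x509 -in "$tmp/cert001.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match the first certificate" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh check_bundle.sh dotmarks.pem dotmarks.net.key
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```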

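Once we have this pem file, we can configure nginx. The ssl on; directive is obsolete since nginx 1.15.0, where the ssl parameter of the listen directive (for example listen 443 ssl;) replaces it: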

ssl    on; 
ssl_certificate         /etc/nginx/ssl/dotmarks.net/dotmarks.pem;
ssl_certificate_key     /etc/nginx/ssl/dotmarks.net/dotmarks.net.key;

Then you just have to restart nginx:

sudo service nginx reload
sudo service nginx restart
