@msalahat
Last active December 26, 2019 17:35
Wildcard SSL Deployment for NGINX

SSL Deployment for NGINX

Combine .crt with .ca-bundle

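cat [something].crt <(echo) [something].ca-bundle > [something-bundle].crt

<(echo) is bash process substitution; it puts a newline between the contents of the two files, so the PEM markers do not run together when the .crt has no trailing newline. The output is written with > rather than >>, so re-running the command does not append a second copy of the chain to an existing bundle.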

Generate .key file

Extract the private key from the .pfx file into a .pem file

openssl pkcs12 -in [something].pfx -nocerts -out [something].pem

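Convert it to a .key file and remove the passphrase

openssl rsa -in [something].pem -out [something].key

The resulting .key file is unencrypted, so keep it readable only by root (or the user the nginx master process runs as).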

Add SSL config to your nginx vhost file

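    # "ssl on;" is deprecated (removed in nginx 1.25.1); enable TLS on the listen directive.
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/[something-bundle].crt;
    ssl_certificate_key /etc/nginx/ssl/[something].key;
    ssl_prefer_server_ciphers  on;
    # TLSv1, TLSv1.1 and the RC4, 3DES and MD5 suites are obsolete and are dropped here.
    ssl_protocols      TLSv1.2 TLSv1.3;
    ssl_ciphers        ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;

    # HSTS: browsers use HTTPS only for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000";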
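
Before reloading nginx, the bundle and key produced in the first two steps can be sanity-checked. The script below is an added example, not part of the original gist; the function names are illustrative, and it checks only PEM structure (fused or unbalanced markers, a missing chain, a key that is still passphrase-protected), not cryptographic validity.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Structural pre-flight checks
# for the bundle and key built above; function names are illustrative.

# count_lines PATTERN FILE: number of lines matching PATTERN (CRLF-tolerant).
count_lines() {
    tr -d '\r' < "$2" | grep -c -E -e "$1" || true
}

# check_bundle FILE: 0 = ok, 1 = unreadable, 2 = END/BEGIN markers fused on
# one line (no newline between the concatenated files), 3 = unbalanced
# BEGIN/END markers, 4 = leaf certificate only, no chain appended.
check_bundle() {
    local begin end fused
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    fused=$(count_lines 'END CERTIFICATE-+BEGIN CERTIFICATE' "$1")
    begin=$(count_lines '^-----BEGIN CERTIFICATE-----$' "$1")
    end=$(count_lines '^-----END CERTIFICATE-----$' "$1")
    [ "$fused" -eq 0 ] || { echo "$1: END/BEGIN markers share a line" >&2; return 2; }
    [ "$begin" -eq "$end" ] || { echo "$1: $begin BEGIN vs $end END markers" >&2; return 3; }
    [ "$begin" -ge 2 ] || { echo "$1: no intermediate certificates" >&2; return 4; }
    echo "$1: $begin certificates, boundaries intact"
}

# check_key FILE: 0 only for an unencrypted PEM private key. An encrypted key
# makes nginx ask for the passphrase at start unless ssl_password_file is set.
check_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    if [ "$(count_lines 'ENCRYPTED' "$1")" -ne 0 ]; then
        echo "$1: key is still passphrase-protected" >&2
        return 2
    fi
    [ "$(count_lines '^-----BEGIN (RSA )?PRIVATE KEY-----$' "$1")" -eq 1 ] ||
        { echo "$1: no PEM private key found" >&2; return 3; }
}
```

Once both checks pass, `nginx -t` validates the full configuration before the reload.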