
Setting up an SSL Cert from Comodo

Purchasing a Comodo PositiveSSL cert via gogetssl.com and installing it on an Nginx server.

Purchase the cert

Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.

    openssl req -nodes -newkey rsa:2048 -keyout example_com.key -out example_com.csr

This gives you two files:

  • example_com.key -- your private key. You'll need this later to configure Nginx. Because of -nodes it is stored unencrypted, so keep it readable only by the account that needs it.
  • example_com.csr -- Your CSR file.

Now, purchase the certificate. You'll get an email with your PositiveSSL Certificate. It contains a zip file with the following:

  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - PositiveSSLCA2.crt
  • Your PositiveSSL Certificate - example_com.crt

Install the Comodo SSL cert

Combine everything for Nginx:

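  1. Combine the above crt files into a bundle. The order matters here: your certificate first, then the intermediate, then the root.

    # ">" overwrites any existing bundle; ">>" would append and leave stale certificates in it
    cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ssl-bundle.crt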
    
  2. Store the bundle wherever Nginx expects to find it:

    mkdir -p /etc/nginx/ssl/example_com/
    mv ssl-bundle.crt /etc/nginx/ssl/example_com/
    
  3. Make sure your nginx config points to the right cert file and to the private key you generated earlier:

    server {
        # "listen ... ssl" replaces the deprecated "ssl on;" directive
        listen 443 ssl;
        server_name example_com;
    
        ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;
    
        # ...
    
    }
    
    server {
        listen         80;
        server_name    example_com;
        rewrite        ^ https://$server_name$request_uri? permanent;
    }
    
  4. Restart nginx.
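
Before restarting, it is worth confirming the two things steps 1 and 3 depend on: that the bundle is in leaf-to-root order and that the private key belongs to the leaf certificate. The script below is an added example, not part of the original gist; the function names and the script name `check_bundle.sh` are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for ssl-bundle.crt and example_com.key.

# Succeeds if KEY and the first certificate in CERT_OR_BUNDLE (the leaf)
# carry the same public key. Returns 2 if either file cannot be parsed.
key_matches_cert() {   # usage: key_matches_cert KEY CERT_OR_BUNDLE
    local pub_key pub_cert
    pub_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    pub_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pub_key" ] && [ "$pub_key" = "$pub_cert" ]
}

# Succeeds if every certificate after the first is the issuer of the one
# before it. Returns 1 on wrong order, 2 if no certificate can be parsed.
bundle_order_ok() {    # usage: bundle_order_ok BUNDLE
    local dir f subject prev_issuer="" rc=0
    dir=$(mktemp -d) || return 2
    # Split the PEM bundle into one numbered file per certificate.
    awk -v d="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        n { print > f }' "$1"
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || { rc=2; break; }
        subject=$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null) \
            || { rc=2; break; }
        if [ -n "$prev_issuer" ] && [ "$subject" != "$prev_issuer" ]; then
            rc=1; break
        fi
        prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash 2>/dev/null)
    done
    rm -rf "$dir"
    return "$rc"
}

# Run as: ./check_bundle.sh example_com.key ssl-bundle.crt
if [ "$#" -eq 2 ]; then
    if key_matches_cert "$1" "$2"; then echo "key matches leaf certificate"
    else echo "KEY DOES NOT MATCH LEAF CERTIFICATE"; fi
    if bundle_order_ok "$2"; then echo "bundle order ok"
    else echo "BUNDLE ORDER WRONG OR UNREADABLE"; fi
fi
```

A bundle built from files that lack a trailing newline runs the END and BEGIN markers together on one line; the order check reports that as unreadable.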
