Skip to content

Instantly share code, notes, and snippets.

@psgganesh

psgganesh/gist:c651aa0815655c4d59fb

Forked from prellele/gist:1825744
Created November 17, 2015 11:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save psgganesh/c651aa0815655c4d59fb to your computer and use it in GitHub Desktop.
Save psgganesh/c651aa0815655c4d59fb to your computer and use it in GitHub Desktop.
Download ZIP
Using StartSSL Certs with Nginx-Webserver
Raw
gistfile1.md

NOTE: You can check, if your config here:
http://www.sslshopper.com/ssl-checker.html

Decrypt the private key using the password you entered when you created your key:
openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key

Protect your key from prying eyes:
chmod 600 /etc/nginx/conf/ssl.key

Fetch StartSSL’s root CA and class 1 intermediate server CA certificates:
wget http://www.startssl.com/certs/sub.class1.server.ca.pem

Create a unified certificate from your certificate and the CA certificates:
cat ssl.crt sub.class1.server.ca.pem > /etc/nginx/conf/ssl-unified.crt

Configure your nginx server to use the new key and certificate (in the global settings or a server section):
ssl on;
ssl_certificate /etc/nginx/conf/ssl-unified.crt;
ssl_certificate_key /etc/nginx/conf/ssl.key;

Now reload Nginx configuration

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment