@whomwah
Last active April 11, 2019 08:14
[Unix Certs] Generating CSR request, installing SSL cert and configuring Nginx on Ubuntu 12.04 LTS #ssl #certs
cd /etc/ssl
# -nodes leaves the private key unencrypted so nginx can start without a passphrase
openssl req -nodes -newkey rsa:2048 -keyout domain.co.uk.key -out domain.co.uk.csr
Generating a 2048 bit RSA private key
.................................................................................+++
........................+++
writing new private key to 'domain.co.uk.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Surrey
Locality Name (eg, city) []:Guildford
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Acme Trading Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.domain.co.uk # The * is only for wildcard certs
Email Address []:email@domain.co.uk
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@domain:/etc/ssl# ll
total 52
drwxr-xr-x 4 root root 4096 Apr 8 14:10 ./
drwxr-xr-x 95 root root 4096 Mar 21 08:02 ../
drwxr-xr-x 2 root root 20480 Mar 5 13:24 certs/
-rw-r--r-- 1 root root 1110 Apr 8 14:10 domain.co.uk.csr
-rw-r--r-- 1 root root 1704 Apr 8 14:10 domain.co.uk.key
-rw-r--r-- 1 root root 10835 Aug 21 2012 openssl.cnf
drwx--x--- 2 root ssl-cert 4096 Mar 5 13:24 private/
mv domain.co.uk.key private/
cd private
chown root:ssl-cert domain.co.uk.key
chmod o-r domain.co.uk.key
root@domain:/etc/ssl/private# ll
total 16
drwx--x--- 2 root ssl-cert 4096 Apr 8 14:11 ./
drwxr-xr-x 4 root root 4096 Apr 8 14:11 ../
-rw-r----- 1 root ssl-cert 1704 Apr 8 14:10 domain.co.uk.key
-rw-r----- 1 root ssl-cert 1704 Mar 5 13:24 ssl-cert-snakeoil.key
cd ..
# see instructions below for chained certs
cd /etc/ssl
touch domain_co_uk.pem
# copy and paste ssl cert into domain_co_uk.pem
ls -l
root@domain:/etc/ssl# ll
total 52
drwxr-xr-x 4 root root 4096 Apr 15 16:22 ./
drwxr-xr-x 95 root root 4096 Apr 15 08:03 ../
drwxr-xr-x 2 root root 20480 Mar 5 13:24 certs/
-rw-r--r-- 1 root root 1106 Apr 9 11:41 domain.co.uk.csr
-rw-r--r-- 1 root root 2123 Apr 15 16:22 domain_co_uk.pem
-rw-r--r-- 1 root root 10835 Aug 21 2012 openssl.cnf
drwx--x--- 2 root ssl-cert 4096 Apr 9 11:42 private/
# Chained certs
cd /etc/ssl
cat domain.com.crt gd_bundle.crt > domain.com.chained.crt
# (Rails/Passenger)
# redirect www and plain HTTP to the HTTPS site
server {
    listen 80;
    server_name www.domain.co.uk;
    rewrite ^ https://domain.co.uk$request_uri? permanent;
}
server {
    listen 80;
    server_name domain.co.uk;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    # "listen 443 ssl" replaces the older "ssl on;" directive,
    # which current nginx releases no longer accept
    listen 443 ssl;
    ssl_certificate /etc/ssl/domain_co_uk.pem; # or .crt depending on what you called it
    ssl_certificate_key /etc/ssl/private/domain.co.uk.key;
    server_name domain.co.uk;
    root /var/www/domain.co.uk/current/public;
    passenger_enabled on;
    rails_env production;
    # serve static content directly
    location ~* \.(ico|jpg|gif|png|swf|html)$ {
        if (-f $request_filename) {
            expires max;
            break;
        }
    }
}
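
Before reloading nginx with the config above, confirm that the installed certificate belongs to the private key and that the key kept the restricted mode set with `chmod o-r`. This is an added example, not part of the original gist; the function names, return codes and the throwaway `example.test` pair are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-reload sanity check for an nginx certificate/key pair.
# Return codes (chosen for this example): 0 ok, 1 key/cert mismatch,
# 2 key readable by "other", 3 unreadable or unparsable input.
check_tls_pair() {
    cert=$1 key=$2
    # Public key embedded in the first certificate of the file (the leaf,
    # when the file is a chain built with `cat leaf.crt bundle.crt`).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    # The private key must not be world-readable (the gist's `chmod o-r`).
    [ -z "$(find "$key" -prune -perm -004)" ] || return 2
    return 0
}

# Constructed sample input: a throwaway self-signed pair for example.test.
make_sample_pair() {
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 3
    make_sample_pair "$tmp" site && make_sample_pair "$tmp" other
    chmod 640 "$tmp/site.key" "$tmp/other.key"
    rc=0; check_tls_pair "$tmp/site.pem" "$tmp/site.key" || rc=$?
    echo "matching pair, mode 640: $rc"
    rc=0; check_tls_pair "$tmp/site.pem" "$tmp/other.key" || rc=$?
    echo "wrong key: $rc"
    chmod 644 "$tmp/site.key"
    rc=0; check_tls_pair "$tmp/site.pem" "$tmp/site.key" || rc=$?
    echo "matching pair, mode 644: $rc"
    rm -rf "$tmp"
}
demo
```

On the server this would be called as `check_tls_pair /etc/ssl/domain_co_uk.pem /etc/ssl/private/domain.co.uk.key`, followed by `nginx -t` before the reload.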