Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Setting up a SSL Cert from Comodo
- I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.
- These are the steps I went through to set up an SSL cert.
- Purchase the cert
- Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.
- openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr
- This gives you two files:
- example_com.key -- your Private key. You'll need this later to configure ngxinx.
- example_com.csr -- Your CSR file.
- Now, purchase the certificate [1], follow the steps on their site, and you should soon get an email with your PositiveSSL Certificate. It contains a zip file with the following:
- Root CA Certificate - AddTrustExternalCARoot.crt
- Intermediate CA Certificate - COMODORSAAddTrustCA.crt
- Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
- Your PositiveSSL Certificate - www_example_com.crt (or the subdomain you gave them)
- steps
- 1. cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
- 2. mkdir -p /etc/nginx/ssl/example_com/
- mv ssl-bundle.crt /etc/nginx/ssl/example_com
- 3.mv example_com.key /etc/nginx/ssl/example_com/
- 4.server {
- listen 443;
- ssl on;
- ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
- ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;
- # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- # ...
- }
Add Comment
Please, Sign In to add comment