bradmontgomery/install-startssl-certs-nginx.rst

Last active March 27, 2019 18:04

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/bradmontgomery/6479492.js"></script>
Save bradmontgomery/6479492 to your computer and use it in GitHub Desktop.

Download ZIP

Setting up a StartSSL cert for nginx. Adapted From: http://www.startssl.com/?app=42

Raw

install-startssl-certs-nginx.rst

How to set up an SSL cert from StartSSL

create a private key and certificate and transfer them to your server (do this at startssl.com).
Decrypt the private key by using the password you entered when you created your key:
```
openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
```
Protect your key from prying eyes:
```
chmod 600 /etc/nginx/conf/ssl.key
```

Fetch the Root CA and Class 1 Intermediate Server CA certificates:

wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem

Create a unified certificate from your certificate and the CA certificates:

cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/nginx/conf/ssl-unified.crt

Configure your nginx server to use the new key and certificate (in the global settings or a server section):
```
ssl on;
ssl_certificate /etc/nginx/conf/ssl-unified.crt;
ssl_certificate_key /etc/nginx/conf/ssl.key;
```
Tell nginx to reload its configuration:
```
killall -HUP nginx
```
And you’re done!

Jay54520 commented Sep 15, 2017

http://www.startssl.com/certs/sub.class1.server.ca.pem is sub.class1.server.ca.pem？ Is this right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment