Purchasing a Comodo PositiveSSL cert via gogetssl.com and installing it on an Nginx server.
Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.
openssl req -nodes -newkey rsa:2048 -keyout example_com.key -out example_com.csr
This gives you two files:
example_com.key-- your Private key. You'll need this later to configure ngxin.example_com.csr-- Your CSR file.
Now, purchase the certificate. You'll get an email with your PositiveSSL Certificate. It contains a zip file with the following:
- Root CA Certificate - AddTrustExternalCARoot.crt
- Intermediate CA Certificate - PositiveSSLCA2.crt
- Your PositiveSSL Certificate - example_com.crt
Combine everything for Nginx:
Combine the above crt files into a bundle (the order matters, here):
cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt
Store the bundle wherever Nginx expects to find it:
mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/
Make sure your nginx config points to the right cert file and to the private key you generated earlier:
server { listen 443; server_name example_com ssl on; ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key; # ... } server { listen 80; server_name example_com; rewrite ^ https://$server_name$request_uri? permanent; }Restart nginx.