Skip to content

Instantly share code, notes, and snippets.

@singhabhinav

singhabhinav/gist:132b8196abac026b43fa

Last active November 4, 2024 18:20
Show Gist options
  • Save singhabhinav/132b8196abac026b43fa to your computer and use it in GitHub Desktop.
Save singhabhinav/132b8196abac026b43fa to your computer and use it in GitHub Desktop.
Download ZIP
Install SSL certificate in Nginx (Using .crt & .ca-bundle certificate files)
Raw
gistfile1.txt
Step 1 - Create .crt file
cat domainname.crt domainname.ca-bundle > domainname-ssl-bundle.crt
Step 2-
Add lines for ssl_certificate in nginx configuration
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/ssl/certs/domainname-ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}
@hriziya
Copy link

hriziya commented Feb 21, 2020

you need to break line after -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- of every chain otherwise won't work, so only cat not enough

Thanks!

@FALL1N1
Copy link

FALL1N1 commented Mar 16, 2020

merge the cabundle and certificate into one file

cat cert.pem cabundle.pem >> combined.pem

and set ssl_certificate to 'combined.pem'

@junebug12851
Copy link

omg, thank you!!!! My first time dealing with a certificate, it was straightforward and easy but certainly not when your trying to figure things out the first time lol. Lots of varying issues along the way. All a learning lesson, should have the process down now. Your gist saved me further headache on this lol.

@ivanelianto
Copy link

Muchos gracias!!

@Rahul13308
Copy link

I have .crt file and .ca-Bundle.
but when i configure it according to all above steps it is giving me errot :
cannot load certificate key : PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY)
I don't have Key file i have only two files mention above.
So please let me know what is wrong.

@OpencloudPro
Copy link

I have .crt file and .ca-Bundle.
but when i configure it according to all above steps it is giving me errot :
cannot load certificate key : PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY)
I don't have Key file i have only two files mention above.
So please let me know what is wrong.

Hi, do you managed to do this?

@BananaNeil
Copy link

I have .crt file and .ca-Bundle. but when i configure it according to all above steps it is giving me errot : cannot load certificate key : PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY) I don't have Key file i have only two files mention above. So please let me know what is wrong.

The private key should have been created when you generated your CSR.

@danielkwok21
Copy link

I have .crt file and .ca-Bundle. but when i configure it according to all above steps it is giving me errot : cannot load certificate key : PEM_read_bio_PrivateKey() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: ANY PRIVATE KEY) I don't have Key file i have only two files mention above. So please let me know what is wrong.

Hi, this helped me - https://stackoverflow.com/a/31736141

TLDR
Mine was ----BEGIN RSA PRIVATE KEY----- vs -----BEGIN RSA PRIVATE KEY-----, it was missing a - character.
Took me an hour to notice the problem.

Hope it helps.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment