Created
August 27, 2014 13:10
-
-
Save thor48/581d9f33ca9c773fbdde to your computer and use it in GitHub Desktop.
SSL & NGINX - GoDaddy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nginx and Go Daddy SSL certificates | |
| Generate the CSR: | |
| 1 openssl genrsa 2048 > yourhost.com.key | |
| 2 openssl req -new -key yourhost.com.key > yourhost.com.csr | |
| Enter in whatever you want - you NEED the "Common Name" everything else is not really required for it to work. | |
| 01 Country Name (2 letter code) [AU]:US | |
| 02 State or Province Name (full name) [Some-State]:. | |
| 03 Locality Name (eg, city) []:. | |
| 04 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here | |
| 05 Organizational Unit Name (eg, section) []:. | |
| 06 Common Name (eg, YOUR name) []:yourhost.com | |
| 07 Email Address []:. | |
| 08 | |
| 09 Please enter the following 'extra' attributes | |
| 10 to be sent with your certificate request | |
| 11 A challenge password []: | |
| 12 An optional company name []: | |
| Paste the CSR into Go Daddy, get back the .crt file | |
| Combine the cert + Go Daddy chain: | |
| 1 cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem | |
| Lastly, in nginx.conf: | |
| 1 ssl_certificate /etc/nginx/certs/yourhost.com.pem; | |
| 2 ssl_certificate_key /etc/nginx/certs/yourhost.com.key; | |
| Additionally I have these SSL tweaks which seems to maintain a better SSL experience, passes McAfee Secure's SSL checks, etc.: | |
| 1 ssl on; | |
| 2 ssl_protocols SSLv3 TLSv1; | |
| 3 ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; | |
| 4 ssl_session_cache shared:SSL:10m; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment