Skip to content

Instantly share code, notes, and snippets.

@zouyangdev

zouyangdev/nginx-ssl-config-COMODO.md

Forked from ipedrazas/gist:6d6c31144636d586dcc3
Last active December 2, 2016 07:33
Show Gist options
  • Save zouyangdev/12bf6e6de848b6ccf4c9483de4267d28 to your computer and use it in GitHub Desktop.
Save zouyangdev/12bf6e6de848b6ccf4c9483de4267d28 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx ssl config
Raw
nginx-ssl-config-COMODO.md

The process starts by creating the CSR and the private key:

openssl req -nodes -newkey rsa:2048 -keyout mydomain.com.key -out mydomain.com.csr

Generates

  • mydomain.com.key
  • mydomain.com.csr

After validation, you will get a zip file with 4 files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • mydomain_com.crt

We have to create a certificate with all the intermediate certs.

# order is important!
cat mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mydomain.com.pem

Once we have this pem file, we can configure nginx:

ssl    on; 
ssl_certificate         /etc/nginx/keys/mydomain.com.pem;
ssl_certificate_key     /etc/nginx/keys/mydomain.com.key;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout  5m;

Then you just have to restart nginx:

sudo service nginx configtest
sudo service nginx restart

Use openssl s_client command to verify ssl:

openssl s_client -connect www.mydomain.com:443
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment