nginx and Go Daddy SSL certificates
- Generate the CSR:
openssl genrsa 2048 > yourhost.com.key openssl req -new -key yourhost.com.key > yourhost.com.csr
- Enter in whatever you want - you NEED the "Common Name" everything else is not really required for it to work.
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:. Locality Name (eg, city) []:. Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here Organizational Unit Name (eg, section) []:. Common Name (eg, YOUR name) []:yourhost.com Email Address []:. Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
- Paste the CSR into Go Daddy, get back the .crt file
- Combine the cert + Go Daddy chain:
cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem
- Lastly, in nginx.conf:
ssl_certificate /etc/nginx/certs/yourhost.com.pem; ssl_certificate_key /etc/nginx/certs/yourhost.com.key;
Additionally I have these SSL tweaks which seems to maintain a better SSL experience, passes McAfee Secure's SSL checks, etc.:
ssl on; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP; ssl_session_cache shared:SSL:10m;
Categories: nginx
Thanks for clear and simple tutorial. I used it more than once now. I forget details each time I do this.