Home > nginx > nginx and Go Daddy SSL certificates

nginx and Go Daddy SSL certificates

July 15th, 2010 Leave a comment Go to comments
  1. Generate the CSR: 
    openssl genrsa 2048 > yourhost.com.key
openssl req -new -key yourhost.com.key > yourhost.com.csr
  2. Enter in whatever you want - you NEED the "Common Name" everything else is not really required for it to work. 
    Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:yourhost.com
Email Address []:.

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  3. Paste the CSR into Go Daddy, get back the .crt file
  4. Combine the cert + Go Daddy chain: 
    cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem
  5. Lastly, in nginx.conf: 
    ssl_certificate /etc/nginx/certs/yourhost.com.pem;
ssl_certificate_key /etc/nginx/certs/yourhost.com.key;

Additionally I have these SSL tweaks which seems to maintain a better SSL experience, passes McAfee Secure's SSL checks, etc.:

ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
Categories: nginx
  1. Janko M.
    August 22nd, 2010 at 05:40 | #1
    Reply | Quote

    Thanks for clear and simple tutorial. I used it more than once now. I forget details each time I do this.

  1. No trackbacks yet.
You must be logged in to post a comment.