nginx and godaddy ssl cert. How to?
audrey.lee.is.me at gmail.com
Fri Jul 16 02:45:35 MSD 2010
Thanks for the writeup.
It is very easy to follow; bravo!
It appears that nginx does not like my key.
I created it using instructions from godaddy:
deploy at domU-12-31-38-00-95-21 ~ $ openssl genrsa -des3 -out toadfrog.key 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for toadfrog.key:
Verifying - Enter pass phrase for toadfrog.key:
Anyway, here is what nginx is now telling me:
domU-12-31-39-0B-15-75 ~ # /etc/init.d/nginx restart
* Checking nginx' configuration ...
2010/07/15 15:32:05 [emerg] 24186#0:
failed (SSL: error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too long
error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
header error:0D07803A:asn1 encoding routine:: dοTlhο4?dο)?
2010/07/15 15:32:05 [emerg] 24186#0: the configuration file
/etc/nginx/nginx.conf test failed
Would you agree that godaddy gave me the wrong shell command to create
On 7/15/10, Michael Shadle <mike503 at gmail.com> wrote:
> On Thu, Jul 15, 2010 at 2:16 PM, Audrey Lee <audrey.lee.is.me at gmail.com>
>> Hello nginx people.
>> I want to use nginx to serve https for my site.
> 1) Generate the CSR:
> openssl genrsa 2048 > yourhost.com.key
> openssl req -new -key yourhost.com.key > yourhost.com.csr
> 2) Enter in only a couple pieces of information:
> Country Name (2 letter code) [AU]:US
> State or Province Name (full name) [Some-State]:.
> Locality Name (eg, city) :.
> Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here
> Organizational Unit Name (eg, section) :.
> Common Name (eg, YOUR name) :yourhost.com
> Email Address :.
> Please enter the following 'extra' attributes
> to be sent with your certificate request
> A challenge password :
> An optional company name :
> 3) Paste the CSR into Godaddy, get back the .crt file
> 4) Combine the cert + godaddy chain
> cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem
> Then in nginx:
> ssl_certificate /etc/nginx/certs/yourhost.com.pem;
> ssl_certificate_key /etc/nginx/certs/yourhost.com.key;
> Additionally I have these:
> ssl on;
> ssl_protocols SSLv3 TLSv1;
> ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
> ssl_session_cache shared:SSL:10m;
> Helps maintain a better SSL experience, passes McAfee Secure's SSL checks,
> nginx mailing list
> nginx at nginx.org
More information about the nginx