<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">Am 03.11.2016 um 20:40 schrieb Ashish Gupta <<a href="mailto:mail2ashish.g@gmail.com" class="">mail2ashish.g@gmail.com</a>>:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><span style="font-size:12.8px" class="">Hello Team,</span><div style="font-size:12.8px" class=""><br class=""></div><div style="font-size:12.8px" class="">I am using NGINX as a web server ot host some of the file and I need some help with the SSL Setup. Is there a way to create a keystore and use that in the configuration for SSL setup?</div><div style="font-size:12.8px" class=""><br class=""></div><div style="font-size:12.8px" class="">I don't want to use the self signed certificate, i need sign the certificate with the company CA and import the Root and Issuing certificates.</div></div></div></blockquote><br class=""></div><div><br class=""></div><div>NGINX doesn’t use keystores (jks).</div><div><br class=""></div><div>You need to convert your (I assume) PKCS12 files into PEM files, split the private key and the certificates and configure them according to the documentation.</div><div><br class=""></div><div><a href="http://nginx.org/en/docs/http/ngx_http_ssl_module.html" class="">http://nginx.org/en/docs/http/ngx_http_ssl_module.html</a></div><div><br class=""></div><div>or Mozilla’s interactive cheat-sheet:</div><div><br class=""></div><div><a href="https://mozilla.github.io/server-side-tls/ssl-config-generator/" class="">https://mozilla.github.io/server-side-tls/ssl-config-generator/</a></div><div><br class=""></div><div>Though, of course, it’s always good to read the documentation provided by NGINX Inc, which is thankfully always very up to date and accurate.</div><div><br class=""></div><div>Google „openssl convert pkcs12 pem“ </div><div><br class=""></div><div>Off the top of my head it looks like „openssl pkcs12 -in your.p12 -out your.pem -nodes“</div><div><br class=""></div><div>See this for creating key and csr:</div><div><br class=""></div><div><a href="https://support.rackspace.com/how-to/generate-a-csr-with-openssl/" class="">https://support.rackspace.com/how-to/generate-a-csr-with-openssl/</a></div><div><br class=""></div><div>(or various other links that google spits out)</div><div><br class=""></div><div><br class=""></div><div><br class=""></div><div>Rainer</div></body></html>