nginx and godaddy ssl cert. How to?
Michael Shadle
mike503 at gmail.com
Fri Jul 16 01:23:15 MSD 2010
On Thu, Jul 15, 2010 at 2:16 PM, Audrey Lee <audrey.lee.is.me at gmail.com> wrote:
> Hello nginx people.
>
> I want to use nginx to serve https for my site.
>
1) Generate the CSR:
openssl genrsa 2048 > yourhost.com.key
openssl req -new -key yourhost.com.key > yourhost.com.csr
2) Enter in only a couple pieces of information:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:yourhost.com
Email Address []:.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
3) Paste the CSR into Godaddy, get back the .crt file
4) Combine the cert + godaddy chain
cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem
Then in nginx:
ssl_certificate /etc/nginx/certs/yourhost.com.pem;
ssl_certificate_key /etc/nginx/certs/yourhost.com.key;
Additionally I have these:
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
ssl_session_cache shared:SSL:10m;
Helps maintain a better SSL experience, passes McAfee Secure's SSL checks, etc.
More information about the nginx
mailing list