nginx and godaddy ssl cert. How to?

Michael Shadle mike503 at gmail.com
Fri Jul 16 04:24:39 MSD 2010


I have no clue. All I know is mine has worked a lot :)

On Jul 15, 2010, at 3:45 PM, Audrey Lee <audrey.lee.is.me at gmail.com> wrote:

> Michael,
> 
> Thanks for the writeup.
> It is very easy to follow; bravo!
> 
> It appears that nginx does not like my key.
> 
> I created it using instructions from godaddy:
> 
> deploy at domU-12-31-38-00-95-21 ~ $ openssl genrsa -des3 -out toadfrog.key 2048
> Generating RSA private key, 2048 bit long modulus
> ....................................+++
> ...................+++
> e is 65537 (0x10001)
> Enter pass phrase for toadfrog.key:
> Verifying - Enter pass phrase for toadfrog.key:
> 
> 
> Anyway, here is what nginx is now telling me:
> 
> domU-12-31-39-0B-15-75 ~ # /etc/init.d/nginx restart
> 
> * Checking nginx' configuration ...
> 
> 2010/07/15 15:32:05 [emerg] 24186#0:
> SSL_CTX_use_PrivateKey_file("/etc/nginx/ssl/toadfrog.key")
> 
> failed (SSL: error:0D07207B:asn1 encoding
> routines:ASN1_get_object:header too long
> 
> error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object
> header error:0D07803A:asn1 encoding routine:: dοTlhο4?dο)?
> 
> 2010/07/15 15:32:05 [emerg] 24186#0: the configuration file
> /etc/nginx/nginx.conf test failed
> 
> Would you agree that godaddy gave me the wrong shell command to create
> toadfrog.key ?
> 
> 
> On 7/15/10, Michael Shadle <mike503 at gmail.com> wrote:
>> On Thu, Jul 15, 2010 at 2:16 PM, Audrey Lee <audrey.lee.is.me at gmail.com>
>> wrote:
>>> Hello nginx people.
>>> 
>>> I want to use nginx to serve https for my site.
>>> 
>> 
>> 1) Generate the CSR:
>> openssl genrsa 2048 > yourhost.com.key
>> openssl req -new -key yourhost.com.key > yourhost.com.csr
>> 
>> 2) Enter in only a couple pieces of information:
>> 
>> Country Name (2 letter code) [AU]:US
>> State or Province Name (full name) [Some-State]:.
>> Locality Name (eg, city) []:.
>> Organization Name (eg, company) [Internet Widgits Pty Ltd]:Something Here
>> Organizational Unit Name (eg, section) []:.
>> Common Name (eg, YOUR name) []:yourhost.com
>> Email Address []:.
>> 
>> Please enter the following 'extra' attributes
>> to be sent with your certificate request
>> A challenge password []:
>> An optional company name []:
>> 
>> 3) Paste the CSR into Godaddy, get back the .crt file
>> 
>> 4) Combine the cert + godaddy chain
>> cat yourhost.com.crt gd_bundle.crt > yourhost.com.pem
>> 
>> 
>> Then in nginx:
>> 
>> ssl_certificate /etc/nginx/certs/yourhost.com.pem;
>> ssl_certificate_key /etc/nginx/certs/yourhost.com.key;
>> 
>> Additionally I have these:
>> 
>> ssl on;
>> ssl_protocols SSLv3 TLSv1;
>> ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
>> ssl_session_cache shared:SSL:10m;
>> 
>> Helps maintain a better SSL experience, passes McAfee Secure's SSL checks,
>> etc.
>> 
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>> 
> 
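
Added example, not part of the original messages and not nginx or GoDaddy tooling: a shell check, run on the host where nginx starts, that reports whether a key file is PEM text, whether it is pass-phrase protected (as `openssl genrsa -des3` output is), and whether an unprotected key is readable by other accounts. The function names and the constructed demo file are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Print one of: missing, empty, not-pem, pem-encrypted, pem-plain
classify_key() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    [ -s "$f" ] || { echo empty; return 0; }
    # NUL bytes mean DER, UTF-16 or a damaged copy, never PEM text.
    total=$(($(wc -c < "$f")))
    text=$(($(tr -d '\000' < "$f" | wc -c)))
    [ "$total" -eq "$text" ] || { echo not-pem; return 0; }
    # The first line must be a private-key armor line (CR tolerated).
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo pem-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----' | '-----BEGIN PRIVATE KEY-----')
            # Traditional format flags pass-phrase protection in a header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo pem-encrypted
            else
                echo pem-plain
            fi ;;
        *) echo not-pem ;;
    esac
}

# Succeeds when group or others can read the file.
key_is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Return 0 only for a plain PEM key with owner-only read access.
check_key() {
    kind=$(classify_key "$1")
    echo "$1: $kind"
    [ "$kind" = pem-plain ] || return 1
    if key_is_exposed "$1"; then
        echo "$1: readable by group or others, tighten with chmod 600"
        return 2
    fi
    return 0
}

# Demo on a constructed file (header lines only, no real key material).
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$demo"
check_key "$demo" || true
rm -f "$demo"
```

A `pem-encrypted` result means the pass phrase has to be supplied every time the key is loaded; `not-pem` means the file as stored is not PEM text, for example a DER file or a copy damaged in transfer.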
