SSL Certificate confusion.

Scott Larson stl at
Fri Oct 17 17:50:00 UTC 2014

     The CA will never provide a key, if this was a simple renewal of the
existing certificate the key already in place would be the one to reuse.
One thing to note however is that SHA1 is being aggressively phased out now
due the the Google policy change with Chrome. If that matters to you,
you'll want to check that your cert chain is the new SHA256.

*__________________Scott LarsonSystems AdministratorWiredrive/LA310 823
8238 ext. 1106310 943 2078

On Fri, Oct 17, 2014 at 9:19 AM, Ian <ian at> wrote:

> Hi All,
> My client's SSL certificates are about to run out, and we have gone
> through the process of
> getting the replacements from Godaddy.  However their instructions as to
> how to use them
> are useless.
> I expected a .crt and possibly a .key file, and I expected to simply
> replace the existing files
> with the new, and restart nginx.
> However I have been given two .crt files!  One contains a single
> certificate and the other three certificates!
> Is the reason there is no .key file because that is the private key and
> would not be sent out of our control. The old will continue to work fine.
> Does anyone know what the group of certificates is for, and how I should I
> introduce them to nginx?
> Nginx is a compiled version :-
> ian at ianhobson~ $ nginx -V
> nginx version: nginx/1.6.0
> built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
> TLS SNI support enabled
> configure arguments: --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf
> --pid-path=/usr/local/nginx/ --with-http_ssl_module
> --add-module=../nginx_tcp_proxy_module_v0.4.5 --add-module=../nginx_http_
> push_module-0.712
> Many thanks
> Ian
> _______________________________________________
> nginx mailing list
> nginx at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list