Nginx SSL Setup

Rainer Duffner rainer at ultra-secure.de
Thu Nov 3 21:46:40 UTC 2016


> Am 03.11.2016 um 20:40 schrieb Ashish Gupta <mail2ashish.g at gmail.com>:
> 
> Hello Team,
> 
> I am using NGINX as a web server ot host some of the file and I need some help with the SSL Setup. Is there a way to create a keystore and use that in the configuration for SSL setup?
> 
> I don't want to use the self signed certificate, i need sign the certificate with the company CA and import the Root and Issuing certificates.


NGINX doesn’t use keystores (jks).

You need to convert your (I assume) PKCS12 files into PEM files, split the private key and the certificates and configure them according to the documentation.

http://nginx.org/en/docs/http/ngx_http_ssl_module.html <http://nginx.org/en/docs/http/ngx_http_ssl_module.html>

or Mozilla’s interactive cheat-sheet:

https://mozilla.github.io/server-side-tls/ssl-config-generator/ <https://mozilla.github.io/server-side-tls/ssl-config-generator/>

Though, of course, it’s always good to read the documentation provided by NGINX Inc, which is thankfully always very up to date and accurate.

Google „openssl convert pkcs12 pem“ 

Off the top of my head it looks like „openssl pkcs12 -in your.p12 -out your.pem -nodes“

See this for creating key and csr:

https://support.rackspace.com/how-to/generate-a-csr-with-openssl/ <https://support.rackspace.com/how-to/generate-a-csr-with-openssl/>

(or various other links that google spits out)



Rainer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20161103/451f09c6/attachment.html>


More information about the nginx mailing list