Install the Commodo SSL cert

Leave a Comment / ssl / By
Combine everything for nginx [2]:
  1. Combine the above crt files into a bundle (the order matters, here):
    cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
  2. Store the bundle wherever nginx expects to find it:
    mkdir -p /etc/nginx/ssl/example_com/
    mv ssl-bundle.crt /etc/nginx/ssl/example_com/
  3. Ensure your private key is somewhere nginx can read it, as well.:
    mv example_com.key /etc/nginx/ssl/example_com/
  4. Make sure your nginx config points to the right cert file and to the private key you generated earlier:
    server {
        listen 443;

        ssl on;
        ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;

        # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        # ...

    }
  1. Restart nginx.

Leave a Comment

Your email address will not be published. Required fields are marked *

Open chat