Nginx Nginx is da bomb!

How to setup godaddy SSL certificate on Nginx
Dorren_mii_thumb by dorren, 09/10/2007

1. Generate SSL request

First create key, replace "mysite.com" with your site domain name.
openssl genrsa -out www.mysite.com.key 2048
then the request,
openssl req -new -key www.mysite.com.key -out www.mysite.com.csr

that command will prompt a few questions, like below
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:Your town Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Corporation Organizational Unit Name (eg, section) []:IT Common Name (eg, YOUR name) []:www.mysite.com Email Address []:someone@mysite.com

the Common Name is the most important field, that should be the exact domain name for which you are requesting SSL, in most cases, it should be "www.mysite.com". If you are buying for a subdomain, then it should be something like "secured.mysite.com". If for wildcard, it should be "*.mysite.com".

After you finish, you should have 2 files now, www.mysite.com.key and www.mysite.com.csr.


2. Buy the SSL on Godaddy

Now goto godaddy's site, and buy the ssl. If it's for a new website, I highly recommend to buy just one year version first. Their cheapest one is just $19.99/year. The reason is you never know if the new site is going to work out or not, or you may need to create secured subdomains a few months later. Because of all these uncertainties, it's better just to pay a tad more for one year only.

The process of buying SSL is quite involved:
  1. You pay for the SSL order first, and you get 1 ssl credit in Godaddy account.
  2. You configure the credit, and submit the whole body text from mysite.csr.
  3. Download the ssl, select type "other" in the dropdown, since I use nginx.


3. Install SSL on Nginx

Godaddy email you the zip file contains 2 files: www.mysite.com.crt and gd_bundle.crt. You need to combine both files into one file, with your domain ssl file on top. so unzip the zip file and combine them.
cat www.mysite.com.crt gd_bundle.crt > mysite_combined.crt

If you don't combine them, browser will not be able to verify certificate authority (CA), and popup dialog or warning messages, which will certainly scare your site visitors away.

Now copy both combined crt and www.mysite.com.key files to your ssl folder on the server, and edit your nginx.conf
server { listen 443; server_name www.mysite.com; ssl on; ssl_certificate /your/ssl/folder/mysite_combined.crt; ssl_certificate_key /your/ssl/folder/www.mysite.com.key; ... }

then reload the processes to make the change take effect.
/etc/init.d/nginx reload

That's it.


Reference

http://wiki.codemongers.com/NginxHttpSslModule http://blog.imperialdune.com/2007/3/31/setting-up-godaddy-turbo-ssl-on-nginx
Views: 36004   Replies: 1   Last Reply: davidde, 11/19.     Tags: ssl

comments

davidde 11/19  
Happy_face_w50 I do it, but error: https://rosingly.com/css/livingstyle/accepted-cards.gif
Why?
Thank's!
 
login or sign up to participate.




Tag_yellow Tags
spam 1
ssl 1
Money_dollar moneywill
| blog | terms | privacy | © copyright 2007 | b5441c438efbf0f60209ca19413b2cda3b5005866