Steps to install a Comodo PositiveSSL certificate with Nginx.

Setting up a SSL Cert from Comodo


I use https://secure.instantssl.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.

These are the steps I went through to set up an SSL cert.

Purchase the cert


Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.

First :
open your terminal

mkdir /etc/nginx/ssl
cd /etc/nginx/ssl

and run

openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr

This gives you two files:

example_com.key -- your Private key. You'll need this later to configure ngxinx.
example_com.csr -- Your CSR file.



Now, purchase the certificate [1], follow the steps on their site, and you should soon get an email with your PositiveSSL Certificate. It contains a zip file with the following:

1. klik https://secure.instantssl.com/
2. Select your product, for example InstantSSL Certificates
3. Copy and paste your CSR Into this box (please open example_com.csr)
4. Select the server, for example nginx
5. Next
6. Please payment and check your email, you have 4 file;

1. Root CA Certificate - AddTrustExternalCARoot.crt
2. Intermediate CA Certificate - COMODORSAAddTrustCA.crt
3. Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
4. Your PositiveSSL Certificate - www_example_com.crt (or the subdomain you gave them)
Install the Commodo SSL cert

Combine everything for nginx [2]:

Combine the above crt files into a bundle (the order matters, here):

cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt


Store the bundle wherever nginx expects to find it:

mkdir -p /etc/nginx/ssl/
mv ssl-bundle.crt /etc/nginx/ssl/

Ensure your private key is somewhere nginx can read it, as well.:


Make sure your nginx config points to the right cert file and to the private key you generated earlier:

server {
    listen 443;

    ssl on;
    ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/example_com.key;

    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # ...

}

Restart nginx.

source : https://gist.github.com/tobidsn/0752a720a2a23092361c159f9493c938
muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad muhamad tobiin tobidsn muhamad tobiin tobidsn@gmail http://github.com/tobidsn https://www.facebook.com/tobidsn https://github.com/tobidsn ahmad muhamad tobiin ahmad

Komentar