Mostly Harmless

Mostly about my amusement

StartSSL and Nginx

I converted this blog from Apache2 to Nginx but forgot a step for SSL. With Apache2 to correctly install the SSL cert, you need to include in your config ca.pem and sub.class1.server.ca.pem. See here for more information.

I didn’t realize I had a problem until I pointed my iPhone at my SSL enabled web site.

With Nginx you’ve got

 ssl  on;
 ssl_certificate  /etc/nginx/ssl/blog.crt;
 ssl_certificate_key  /etc/nginx/ssl/blog.key;

Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.

curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>blog.crt
curl http://www.startssl.com/certs/ca.pem >>blog.crt

I restarted my Nginx server and had no problems since. I continue to be impressed with StartSSL and at some point I will want to purchase a wild card cert for my domain.

« »

© 2018 Mostly Harmless. Theme by Anders Norén.