StartSSL and Nginx

Facebook Tweet

I converted this blog from Apache2 to Nginx but forgot a step for SSL. With Apache2 to correctly install the SSL cert, you need to include in your config ca.pem and sub.class1.server.ca.pem. See here for more information.

I didn’t realize I had a problem until I pointed my iPhone at my SSL enabled web site.

With Nginx you’ve got

 ssl  on;
 ssl_certificate  /etc/nginx/ssl/blog.crt;
 ssl_certificate_key  /etc/nginx/ssl/blog.key;

Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.

curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>blog.crt
curl http://www.startssl.com/certs/ca.pem >>blog.crt

I restarted my Nginx server and had no problems since. I continue to be impressed with StartSSL and at some point I will want to purchase a wild card cert for my domain.

10 Comments

escanive says:

Hi,

Thanks for clarifying how to do this.

A while ago, I too switched to StartSSL. However, I was also unaware of this problem since I at some point had added a permanent exception in Firefox.

All my SSL-sites work like a charm now 🙂

I also agree that purchasing a wild card cert is probably worth the money, but that will have to happen later.

Regards,

escanive

August 23, 2010 — 7:18 am
- Jan Dembowski says:
  
  You are welcome, glad to be of help.
  
  I have been nothing but totally impressed with StartSSL. The service they provide is top rate.
  
  August 23, 2010 — 7:41 pm
  - Slobo says:
    
    Just another vote for StartSSL, truly wonderful service and support. And you can’t beat the value either.
    
    November 22, 2010 — 2:07 pm
  - Slobo says:
    
    And yeah, thanks for the tip, worked like a charm 🙂
    
    November 22, 2010 — 8:30 pm
  - Jan Dembowski says:
    
    Glad to be of help; you really can’t say enough good things about StartSSL.
    
    November 23, 2010 — 12:48 pm
Laurent says:

Thanks for this post. StartSSL should really add an nginx section on their site.

March 5, 2012 — 8:47 am
- Jan Dembowski says:
  
  You’re welcome, I’m glad this helps.
  
  March 6, 2012 — 6:15 am
Hugo Maia says:

Thanks!!! Works like a charm!

June 26, 2013 — 6:57 pm
- Jan Dembowski says:
  
  You’re welcome, I’m glad that post helped you out.
  
  June 29, 2013 — 9:00 am
Hugo Maia says:

PS: StartSSL now have a Nginx install instructions: http://www.startssl.com/?app=42

June 26, 2013 — 7:00 pm