Menu Close

Mostly Harmless

Mostly about my amusement

February 25, 2010

StartSSL and Nginx

I converted this blog from Apache2 to Nginx but forgot a step for SSL. With Apache2 to correctly install the SSL cert, you need to include in your config ca.pem and sub.class1.server.ca.pem. See here for more information.

I didn’t realize I had a problem until I pointed my iPhone at my SSL enabled web site.

With Nginx you’ve got

 ssl  on;
 ssl_certificate  /etc/nginx/ssl/blog.crt;
 ssl_certificate_key  /etc/nginx/ssl/blog.key;

Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.

curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>blog.crt
curl http://www.startssl.com/certs/ca.pem >>blog.crt

I restarted my Nginx server and had no problems since. I continue to be impressed with StartSSL and at some point I will want to purchase a wild card cert for my domain.

Jan Dembowski

Administrator

Posts by Jan Dembowski

Comments by Jan Dembowski

10 Comments

escanive

August 23, 2010 — 7:18 am

Hi,

Thanks for clarifying how to do this.

A while ago, I too switched to StartSSL. However, I was also unaware of this problem since I at some point had added a permanent exception in Firefox.

All my SSL-sites work like a charm now 🙂

I also agree that purchasing a wild card cert is probably worth the money, but that will have to happen later.

Regards,

escanive
- Jan Dembowski
  
  August 23, 2010 — 7:41 pm
  
  You are welcome, glad to be of help.
  
  I have been nothing but totally impressed with StartSSL. The service they provide is top rate.
  - Slobo
    
    November 22, 2010 — 2:07 pm
    
    Just another vote for StartSSL, truly wonderful service and support. And you can’t beat the value either.
  - Slobo
    
    November 22, 2010 — 8:30 pm
    
    And yeah, thanks for the tip, worked like a charm 🙂
  - Jan Dembowski
    
    November 23, 2010 — 12:48 pm
    
    Glad to be of help; you really can’t say enough good things about StartSSL.
Laurent

March 5, 2012 — 8:47 am

Thanks for this post. StartSSL should really add an nginx section on their site.
- Jan Dembowski
  
  March 6, 2012 — 6:15 am
  
  You’re welcome, I’m glad this helps.
Hugo Maia

June 26, 2013 — 6:57 pm

Thanks!!! Works like a charm!
- Jan Dembowski
  
  June 29, 2013 — 9:00 am
  
  You’re welcome, I’m glad that post helped you out.
Hugo Maia

June 26, 2013 — 7:00 pm

PS: StartSSL now have a Nginx install instructions: http://www.startssl.com/?app=42

2 Pingbacks

Comments are closed.

Mostly Harmless

Mostly about my amusement

StartSSL and Nginx

Related

Jan Dembowski

Posts by Jan Dembowski

New Life for old 3D Printers

Norton Security Premium Renewal Scheme

Octoprint and Reverse Proxies

New Kossel 3D printer

This is not a Gutenberg Review, It’s a Blog Post

Comments by Jan Dembowski

New Life for old 3D Printers

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

10 Comments

escanive

Jan Dembowski

Slobo

Slobo

Jan Dembowski

Laurent

Jan Dembowski

Hugo Maia

Jan Dembowski

Hugo Maia

2 Pingbacks

Subscribe to Blog via Email

Jan Dembowski

Personal Links

Mostly about my amusement

StartSSL and Nginx

Related

And the snow thrower is back

Mobile Suit Gundam Unicorn started

Posts by Jan Dembowski

New Life for old 3D Printers

Norton Security Premium Renewal Scheme

Octoprint and Reverse Proxies

New Kossel 3D printer

This is not a Gutenberg Review, It’s a Blog Post

Comments by Jan Dembowski

New Life for old 3D Printers

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

This is not a Gutenberg Review, It’s a Blog Post

10 Comments

Slobo

Slobo

2 Pingbacks

Subscribe to Blog via Email

Personal Links