Last active
November 2, 2024 06:45
-
-
Save bradmontgomery/6487319 to your computer and use it in GitHub Desktop.
Revisions
-
bradmontgomery revised this gist
Mar 14, 2015 . 1 changed file with 7 additions and 7 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -19,16 +19,16 @@ when ordering the certificate. This gives you two files: * ``example_com.key`` -- your Private key. You'll need this later to configure ngxinx. * ``example_com.csr`` -- Your CSR file. Now, purchase the certificate [1]_, follow the steps on their site, and you should soon get an email with your *PositiveSSL Certificate*. It contains a zip file with the following: * Root CA Certificate - `AddTrustExternalCARoot.crt` * Intermediate CA Certificate - `COMODORSAAddTrustCA.crt` * Intermediate CA Certificate - `COMODORSADomainValidationSecureServerCA.crt` * Your PositiveSSL Certificate - `www_example_com.crt` (or the subdomain you gave them) Install the Commodo SSL cert ---------------------------- @@ -44,7 +44,7 @@ Combine everything for nginx [2]_: mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/ 3. Ensure your private key is somewhere nginx can read it, as well.:: mv example_com.key /etc/nginx/ssl/example_com/ -
Mar 14, 2015 . 1 changed file with 20 additions and 13 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,7 +1,7 @@ Setting up a SSL Cert from Comodo ================================= I use `Namecheap.com <http://www.namecheap.com/?aff=83780>`_ as a registrar, and they resale SSL Certs from a number of other companies, including `Comodo <http://www.comodo.com/>`_. These are the steps I went through to set up an SSL cert. @@ -15,36 +15,40 @@ when ordering the certificate. :: openssl req -new -newkey rsa:2048 -nodes -keyout example_com.key -out example_com.csr This gives you two files: * ``example_com.key`` -- your Private key. You'll need this later to configure ngxinx. * ``example_com.csr`` -- Your CSR file. Now, purchase the certificate [1]_, follow the steps on their site, and you should soon get an email with your *PositiveSSL Certificate*. It contains a zip file with the following: * Root CA Certificate - `AddTrustExternalCARoot.crt` * Intermediate CA Certificate - `COMODORSAAddTrustCA.crt` * Intermediate CA Certificate - `COMODORSADomainValidationSecureServerCA.crt` * Your PositiveSSL Certificate - `www_example_com.crt` (or the subdomain you gave them) Install the Commodo SSL cert ---------------------------- Combine everything for nginx [2]_: 1. Combine the above crt files into a bundle (the order matters, here):: cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt 2. Store the bundle wherever nginx expects to find it:: mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/ 3. Ensure your private key is somewhere nginx can read it, as well. mv example_com.key /etc/nginx/ssl/example_com/ 4. Make sure your nginx config points to the right cert file and to the private key you generated earlier:: server { @@ -54,12 +58,15 @@ Combine everything for nxinx [2]_: ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key; # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ... } 6. Restart nginx. .. [1] I purchased mine through Namecheap.com. .. [2] Based on these instructions: http://goo.gl/4zJc8 -
Sep 8, 2013 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ Setting up a SSL Cert from Comodo ================================= I use `Namecheap.com <https://namecheap.com>`_ as a registrar, and they resale SSL Certs from a number of other companies, including `Comodo <http://www.comodo.com/>`_. These are the steps I went through to set up an SSL cert. @@ -22,7 +22,7 @@ This gives you two files: * ``example_com.key`` -- your Private key. You'll need this later to configure ngxin. * ``example_com.csr`` -- Your CSR file. Now, purchase the certificate [1]_, wait *forever* for them to review your purchase. You'll eventually get an email with your *PositiveSSL Certificate*. It contains a zip file with the following: @@ -33,7 +33,7 @@ a zip file with the following: Install the Commodo SSL cert ---------------------------- Combine everything for nxinx [2]_: 1. Combine the above crt files into a bundle (the order matters, here):: @@ -62,4 +62,4 @@ Combine everything for nxinx[2]_: .. [1] I purchased mine through the Namecheap.com website. .. [2] Based on these instructions: http://goo.gl/4zJc8 -
Sep 8, 2013 .There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,65 @@ Setting up a SSL Cert from Comodo ================================= I use `Namecheap.com <https://namecheap.com>`_ as a registrar, and they resale SSL Certs from a number of other companies, including `Comodo <http://www.comodo.com/>`. These are the steps I went through to set up an SSL cert. Purchase the cert ----------------- Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate. :: openssl req -nodes -newkey rsa:2048 -keyout example_com.key -out example_com.csr This gives you two files: * ``example_com.key`` -- your Private key. You'll need this later to configure ngxin. * ``example_com.csr`` -- Your CSR file. Now, purchase the certificate[1]_, wait *forever* for them to review your purchase. You'll eventually get an email with your *PositiveSSL Certificate*. It contains a zip file with the following: * Root CA Certificate - `AddTrustExternalCARoot.crt` * Intermediate CA Certificate - `PositiveSSLCA2.crt` * Your PositiveSSL Certificate - `example_com.crt` Install the Commodo SSL cert ---------------------------- Combine everything for nxinx[2]_: 1. Combine the above crt files into a bundle (the order matters, here):: cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt 2. Store the bundle wherever nginx expects to find it:: mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/ 3. Make sure your nginx config points to the right cert file and to the private key you generated earlier:: server { listen 443; ssl on; ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key; # ... } 4. Restart nginx. .. [1] I purchased mine through the Namecheap.com website. .. [2] Based on these instructions: http://goo.gl/4zJc8