Archive

Archive for October, 2009

StartCom StartSSL certificate + nginx

October 15th, 2009 1 comment

Quick guide to use free and widelly accepted (week ago Microsoft added StartSSL certificates to known authorities !) SSL certificate on nginx webserver.

  1. create certificate on startssl.com
  2. download certificate (ssl.pem) and generated key (remove password from key using: openssl rsa -in ssl.key-pass -out ssl.key)
  3. download helper certificates (from http://www.startssl.com/certs/ (according to your class level, usually ca.pem sub.class1.server.ca.pem)
  4. do cat ssl.pem ca.pem sub.class1.server.ca.pem > server.pem
  5. setup configuration directives ssl_certificate and ssl_certificate_key (see http://wiki.nginx.org/NginxHttpSslModule for more info)
  6. that’s all, restart nginx and take a look at error.log for possible problems
  7. try it

Seems easy, but it took me some time and few google queries find out, how should be step 4 done, to make firefox be satisfied with this certificate, and not complaining with sec_error_unknown_issuer. Hope it saves you a minute.

Categories: admin, how-to Tags: