SSL Nginx Setup

1. Generate SSL request

First generate the key, replacing "mysite.com" with your site's domain name:
openssl genrsa -out www.mysite.com.key 2048

Then generate the request:
openssl req -new -key www.mysite.com.key -out www.mysite.com.csr

That command will prompt you with a few questions. It should look like:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Your town
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Corporation
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.mysite.com
Email Address []:someone@mysite.com

The Common Name is the most important field: it should be the exact domain name for which you are requesting SSL. In most cases, it should be "www.mysite.com". If you are buying for a subdomain, it should be something like "secured.mysite.com". For a wildcard, it should be "*.mysite.com".

After you finish, you should have 2 files: www.mysite.com.key and www.mysite.com.csr.

2. Buy the SSL on Godaddy (If you don't already have it)

Now go to Godaddy's site and buy the SSL certificate. If it's for a new website, I highly recommend buying just the one-year version first. Their cheapest one is just $19.99/year. The reason is that you never know whether the new site is going to work out, or you may need to create secured subdomains a few months later. Because of all these uncertainties, it's better to pay a tad more for one year only.

The process of buying SSL is quite involved:

  1. You pay for the SSL order first, and you get 1 SSL credit in your Godaddy account.
  2. You configure the credit and submit the whole body text from www.mysite.com.csr.
  3. Download the SSL certificate, selecting type "other" in the dropdown, since we use nginx.

 

3. Install SSL on Nginx

Godaddy will email you a zip file containing 2 files: www.mysite.com.crt and gd_bundle.crt. You need to combine both files into one file, with your domain's SSL certificate on top. Unzip the zip file and combine them:
cat www.mysite.com.crt gd_bundle.crt > mysite_combined.crt

If you don't combine them, browsers will not be able to verify the certificate authority (CA) and will show popup dialogs or warning messages, which will certainly scare your site visitors away.

Now copy both the combined crt file and the www.mysite.com.key file to your ssl folders on the server:

cp mysite_combined.crt ~/ssl/certs

cp www.mysite.com.key ~/ssl/private

Then ask support to reload your vhost config.
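
Before asking for the reload, it is worth confirming that the files from steps 1 and 3 belong together. The script below is an added example, not part of the original article: it checks that the CSR and the first certificate in the combined file carry the same public key as the private key (which also catches a combined file built in the wrong order), that CA certificates follow the site certificate, and that the key file is not accessible to group or other. The helper names (pubkey_pem, same_pubkey, key_is_private, preinstall_check) are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: sanity checks before handing the files to support.
# All function names here are hypothetical helpers, not from the article.

# Print the PEM public key held in a private key, CSR or certificate.
# For a multi-certificate file, openssl x509 reads only the FIRST certificate.
pubkey_pem() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if the private key $1 and the csr/crt $3 share a public key.
same_pubkey() {  # $1 = key file, $2 = csr|crt, $3 = file
    k=$(pubkey_pem key "$1") && o=$(pubkey_pem "$2" "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$o" ]
}

# Succeed only if group and other have no permission bits on the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

preinstall_check() {  # $1 = key, $2 = CSR, $3 = combined certificate file
    rc=0
    same_pubkey "$1" csr "$2" ||
        { echo "FAIL: $2 was not generated from $1"; rc=1; }
    # Fails if the CA bundle was concatenated first or the cert is for another key.
    same_pubkey "$1" crt "$3" ||
        { echo "FAIL: first certificate in $3 does not match $1"; rc=1; }
    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$3" 2>/dev/null)" -ge 2 ] 2>/dev/null ||
        { echo "FAIL: $3 holds no CA certificates after the site certificate"; rc=1; }
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group/other (chmod 600 it)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key, CSR and combined certificate are consistent"
    return "$rc"
}

# Usage: sh check.sh www.mysite.com.key www.mysite.com.csr mysite_combined.crt
if [ "$#" -eq 3 ]; then preinstall_check "$@"; fi
```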
