Posted on 2013-09-02 16:44
H2O 阅读(151)
评论(0) 编辑 收藏
Some helpfull Links:
http://nginx.org/en/docs/http/configuring_https_servers.htm
http://blog.csdn.net/kunoy/article/details/8239653
http://zou.lu/nginx-https-ssl-module/
http://blog.csdn.net/wzy_1988/article/details/8549290
http://my.oschina.net/zhlmmc/blog/42125
http://www.quany.info/web-design/nginx-400-bad-request-the-plain-http-request-was-sent-to-https-port.html
You should have received a your_domain_name.pem file from DigiCert in an email when your certificate was issued. If you have that file you can skip to step 3. Otherwise, start with step 1.
Copy the Certificate files to your server.
Log in to download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt) from within your DigiCert Customer Account. Copy them, along with the .key file you generated when you created the CSR, to the directory on your server where you will keep your certificate and key files. Make them readable by root only to increase security.
Concatenate the primary certificate and intermediate certificate.
You need to concatenate the primary certificate file (your_domain_name.crt) and the intermediate certificate file (DigiCertCA.crt) into a single pem file by running the following command:
cat your_domain_name.crt DigiCertCA.crt >> bundle.crt
Edit the Nginx virtual hosts file.
Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection. Make a copy of the existing non-secure server module and paste it below the original. Then add the lines in bold below:
server { listen 443; ssl on; ssl_certificate /etc/ssl/your_domain_name.crt; (or .pem) ssl_certificate_key /etc/ssl/your_domain_name.key; server_name your.domain.com; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { root /home/www/public_html/your.domain.com/public/; index index.html; } }
Adjust the file names to match your certificate files:
- ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.crt).
- ssl_certificate_key should be the key file generated when you created the CSR.
Restart Nginx.
Run the following command to restart Nginx:
sudo /etc/init.d/nginx restart
Amazing Tutorial
http://www.digicert.com/ssl-certificate-installation-nginx.htm
http://www.erawanarifnugroho.com/2013/07/08/configuring-wildcard-alphassl-from-centrio-host.html
http://lowendtalk.com/discussion/11752/install-ssl-problem-in-nginx