Surya's Blog!

Tag: Comodo

  • How to install Comodo SSL certificate with NGNIX web server?

    How to install Comodo SSL certificate with NGNIX web server?

    Installation method for COMODO SSL Certificate

    comodo_ssl_installation

    If you have generated the CSR and purchased or renewed the SSL with Comodo, you might have noticed that, the comodo has sent you 4 files instead of 1 one file.

     

     

     

    AddTrustExternalCARoot.crt - This is root CA Certificate

COMODORSAAddTrustCA.crt - Intermediate CA Certificate

COMODORSAOrganizationValidationSecureServerCA.crt - This is also intermediate 
CA certificate

domain_name_com.crt - The domain/ Sub Domain name you have provided while generating CSR>

    You need to concat the content of those file in specific order. The order is

    domain_name.crt
COMODORSAOrganizationValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

    You can simply open your favourite text editor to do that or if you are working with linux, you can simply use linux cat command to do that.

    surya >>/$ cat domain_name.crt COMODORSAOrganizationValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > domain_name_combined.crt

    Now upload the combined or bundled ssl certificate to the location where nginx can find that.

    mkdir -p /etc/nginx/ssl/domain_name_com/
scp domain_name_combined.crt user@host:/etc/nginx/ssl/domain_name_com/

    Move the private key to the same folder which you have generated while generating CSR.

    mv domain_name_com.key /etc/nginx/ssl/domain_name_com/

    Now edit the nginx conf and make an entry for SSL certificate

    server {
    listen 443;

    ssl on;
    ssl_certificate /etc/nginx/ssl/domain_name_com/domain_name_combined.crt;
    ssl_certificate_key /etc/nginx/ssl/domain_name_com/domain_name_com.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # Rest of the conf ...

}

    Now check for the nginx configuration is valid or not? if valid then reload the nginx conf. Make a practice of validating nginx conf before reloading or restarting nginx.

    surya@x ~/$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

surya@x ~/$ sudo service nginx reload

    Now validate the SSL is installed correctly or not by online tools. like below

    https://sslanalyzer.comodoca.com/

    This is how you can install the Comodo SSL on nginx.