The UnSub

Ars Technica covered a very nice detailed how-to to install SSL/TLS cert from StartSSL in OSX server. I shall not rehashed their steps to obtain the certificate. For me, I am keen to use StartSSL’s free Class 1 cert with Nginx server and it is not covered in their help/support pages.

Notes on Generating CSR

Assuming your server private key is server.key and you are inside the directory storing the key. The Openssl command will look something like this:

openssl req -new -key server.key -out server.csr

As you key in the necessary fields for your CSR, you MUST OMIT the EMAIL ADDRESS field. ie. LEAVE it BLANK & press ENTER.

Otherwise, when you request the certificate at StartSSL, you will end up making a Class 2 certificate request which require validation of email and it will cost you money.

Installing the Cert in Nginx

Let’s say everything went smoothly, after pasting the CSR into the webpage and clicking continue, you will see the Certificate contents in the webpage. There is a link to CLASS 1 CA Intermediate cert file. You must download that file into your server.

In order for Nginx to use the free cert, you have bundle the Intermediate CA cert and the new cert together into a single file:

cat class1.ca.pem newcert.pem > bundleforyrdomain.pem

The naming of each file will differ from your server but the ORDER is IMPORTANT! The CA Intermediate file must first in new file. After which, adjust your existing nginx.conf, restart nginx should NOT yield any error. Your new free cert is in!

This entry was posted on Friday, December 25th, 2009 at 5:34 pm and is filed under How To, Server Administration. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.