Learn about Centmin Mod LEMP Stack today
Register Now

SSL Confused about how to install my PostiveSSL Certificate

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by xaitmi, Feb 8, 2015.

  1. xaitmi

    xaitmi Member

    35
    3
    8
    Jan 18, 2015
    Ratings:
    +3
    Local Time:
    11:52 PM
    Hi.

    I was following this guide

    Nginx HTTPS / SSL Google SPDY configuration


    Generated the CSR file and gave it to Namecheap who generated my PositiveSSL Certificate

    They emailed me the certificate and a zip file containing 4 .crt files

    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
    and finally, my_domain_com.crt

    I'm not sure how to make this unified SSL with the files I have.

    Also my domain is my.____.com not www.my.____.com
     
  2. eva2000

    eva2000 Administrator Staff Member

    54,600
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    2:52 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    see SSL - HTTPS as a Google ranking signal | Centmin Mod Community which has links to this SSL - How to install an ssl certificate? | Centmin Mod Community

    below example is for ECC 256 bit SSL not RSA 2048 bit you have, but should follow similar order so for unified.crt would be SSL crt > DomainValidationSecureServeCA > AddTrustCA if you want to exclude without root cert with front prefix differences depending on Comodo RSA or Comodo ECC based SSL certificates
     
    Last edited: Feb 8, 2015
  3. xaitmi

    xaitmi Member

    35
    3
    8
    Jan 18, 2015
    Ratings:
    +3
    Local Time:
    11:52 PM
    Done.

    I'm now looking into what to change in the my.domain.com.conf file

    I also need to make it so that if people go to my site without SSL, they will be forced onto SSL as it is a billing system.
     
  4. xaitmi

    xaitmi Member

    35
    3
    8
    Jan 18, 2015
    Ratings:
    +3
    Local Time:
    11:52 PM
    I am getting an error when doing ngxrestart

    here is my virtual host

    server { server_name my.ub3r.org www.my.ub3r.org; return 301 h - Pastebin.com

    The error is

    nginx: [emerg] "server" directive is not allowed here in /usr/local/nginx/conf/conf.d/my.ub3r.org.conf:5

    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

    Edit: I see that I missed a } right above server {

    I added that and now I get this

    nginx: [emerg] unknown directive "ssl_stapling_verify_on" in /usr/local/nginx/conf/conf.d/my.ub3r.org.conf:19

    nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
     
  5. xaitmi

    xaitmi Member

    35
    3
    8
    Jan 18, 2015
    Ratings:
    +3
    Local Time:
    11:52 PM
    Fixed the error. Copied and pasted this and it worked.

    # enable ocsp stapling

    resolver 8.8.8.8;

    ssl_stapling on;

    ssl_stapling_verify on;

    SSL works on my site now.
     
  6. xaitmi

    xaitmi Member

    35
    3
    8
    Jan 18, 2015
    Ratings:
    +3
    Local Time:
    11:52 PM
    When I test my site on SPDYCheck: Testing Websites for SPDY Support

    it says

    Host does not use SSL/TLS
    Crap! This website cannot be accessed via SSL/TLS. SPDY works by piggybacking on top of SSL/TLS. To use SPDY this website must first enable access via SSL/TLS.

    Edit: Installed the chrome SPDY indicator and it is working fine.