Setting up an SSL Cert from Comodo

PositiveSSL -

I use as a registrar, and they resell SSL certs from a number of other companies, including Comodo. These are the steps I went through to set up a PositiveSSL cert.

First, purchase the certificate, follow the steps on their site, and you should soon get an email with your PositiveSSL Certificate. It contains a zip file with the following:

  • Root CA Certificate – AddTrustExternalCARoot.crt
  • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate – www_example_com.crt (or the subdomain you gave them)

The next part is to install the Comodo SSL cert by combining those files into a bundle, with your own certificate first and each issuing CA after it:
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

Store the bundle where nginx will look for it; in this setup that is:
mkdir -p /etc/nginx/ssl/example_com/
mv ssl-bundle.crt /etc/nginx/ssl/example_com/

Ensure your private key is somewhere nginx can read it, as well:
mv example_com.key /etc/nginx/ssl/example_com/

As the last step, make sure your nginx config points to the right cert file and to the private key you generated earlier:
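server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;
    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    # (TLSv1 and TLSv1.1 have since been deprecated by RFC 8996; drop them if your clients allow)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # ...
}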

Then restart the nginx service.

