Nginx and VeriSign SSL Certificates

18 06 2011

Although instructions are provided for many web servers/systems there are no instructions on the VeriSign web site on how to setup Nginx.

One tip that may save you a couple of minutes is that your Nginx SSL configuration will not work correctly with the VeriSign provided Apache CA bundle of intermediate certificates.

To get a certificate bundle that will work properly I suggest the following steps.

  • First download both the Primary Intermediate CA Certificate and the Secondary SSL Intermediate CA Certificate files.
  • Second, concatenate your certificate, then the primary CA certificate, then the secondary certificate into a single file.
  • Third reference the resulting file in your nginx SSL configuration, verify your configuration, and restart nginx.

To ensure everything is setup correctly you can verify your site using the VeriSign Certificate Check application.

About these ads

Actions

Information

3 responses

6 12 2012
Peter Conerly

Hey man, great post.

I have a verisign file like yours, but it’s a *.cer so can I still add it?

I don’t have a .key file– how big of a problem is that?

In the 3rd step you say I should reference the file; but in nginx ssl there are multiple places to reference files. Which field are you referencing the file with?

9 12 2012
Jim McDonald

I don’t believe the extension of the filename (.cer) will matter as long as the contents of the certificate file is in the expected format.

You’ll need the key that was used to create the certificate.

In the 3rd step I’m referencing the file in the nginx server config.

13 09 2014
Srinivasa

This Worked. Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




Follow

Get every new post delivered to your Inbox.

%d bloggers like this: