• Home

  • Custom Ecommerce
  • Application Development
  • Database Consulting
  • Cloud Hosting
  • Systems Integration
  • Legacy Business Systems
  • Security & Compliance
  • GIS

  • Expertise

  • About Us
  • Our Team
  • Clients
  • Blog
  • Careers

  • VisionPort

  • Contact
  • Our Blog

    Ongoing observations by End Point Dev people

    Install SSL Certificate from Network Solutions on nginx

    Brian Buchalter

    By Brian Buchalter
    February 5, 2013

    Despite nginx serving pages for 12.22% of the web’s million busiest sites, Network Solutions does not provide instructions for installing SSL certificates for nginx. This artcle provides the exact steps for chaining the intermediary certificates for use with nginx.

    Chaining the Certificates

    Unlike Apache, nginx does not allow specification of intermediate certificates in a directive, so we must combine the server certificate, the intermediates, and the root in a single file. The zip file provided from Network Solutions contains a number of certificates, but no instructions on the order in which to chain them together. Network Solutions’ instructions for installing on Apache provide a hint, but let’s make it clear.

    cat your.site.com.crt UTNAddTrustServer_CA.crt NetworkSolutions_CA.crt > chained_your.site.com.crt
    

    This follows the general convention of “building up” to a trusted “root” authority by appending each intermediary. In this case UTNADDTrustServer_CA.crt is the intermediary while NetworkSolutions_CA.crt is the parent authority. With your certificates now chained together properly, use the usual nginx directives to configure SSL.

    listen                 443;
    ssl                    on;
    ssl_certificate        /etc/ssl/chained_your.site.com.crt;
    ssl_certificate_key    /etc/ssl/your.site.com.key;
    

    As always, make sure your key file is secure by giving it minimal permissions.

    chmod 600 your.site.com.key
    

    I hope this little note helps to ease nginx users looking to use a Network Solutions SSL certificate.

    hosting tls


    Comments