https://gist.github.com/junxy/2464633f27345fbe6a98
```bash
# if your pfx file is yourdomain.com.pfx
# split the name up so you can have a descriptive
# cert and key name
OUT=yourdomain.com
PFX=.pfx

# create pem format certs from pfx files
# and a decrypted key
openssl pkcs12 -in ${OUT}${PFX} -nocerts -out ${OUT}.key
# you will be prompted for the pfx password...

# create an unencrypted file so you can restart nginx without entering
# a passphrase each time
openssl rsa -in ${OUT}.key -out ${OUT}-decrypted.key

openssl pkcs12 -in ${OUT}${PFX} -clcerts -nokeys -out ${OUT}.cert

# you need to download the chain of certificates and combine them
# in the right order (your ssl cert, intermediate then root cert)
cat yourdomain.com.cert \
    globalsignintermediate.crt \
    globalsignr3root.crt > yourdomain.com-bundle.crt

mkdir /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
cp yourdomain.com-decrypted.key /etc/nginx/ssl
cp yourdomain.com-bundle.crt /etc/nginx/ssl

# make sure only root can read or access the certs/keys
chmod 600 /etc/nginx/ssl/*
```
The ssl_certificate and ssl_certificate_key directives list the paths to the certs and keys, relative to your /etc/nginx/nginx.conf file.
```nginx
server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate ssl/yourdomain.com-bundle.crt;
    # must be the decrypted key file copied into /etc/nginx/ssl above
    ssl_certificate_key ssl/yourdomain.com-decrypted.key;

    # ... rest of config
}
```
It’s a good idea to do a syntax check before restarting the nginx server:

```
$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```
```bash
service nginx restart
# or
systemctl restart nginx
```
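`nginx -t` checks syntax, but it is also worth confirming that the bundle and key belong together and that the bundle is in the order described above before restarting. The script below is an added example, not part of the original gist; the function names are illustrative and it assumes only the `openssl` CLI.

```shell
#!/bin/sh
# Added example: pre-flight checks for the bundle and key produced above.
# Function names are illustrative, not from the original gist.

# Succeeds when the first certificate in $1 carries the public key of the
# private key in $2. Both commands print the key as a PEM SubjectPublicKeyInfo.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    # -passin pass: makes openssl fail instead of prompting if the key
    # is still passphrase-protected
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass:) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when every certificate in bundle $1 is followed by the certificate
# of its issuer (your cert, then intermediate, then root). This compares
# issuer and subject names only; it does not verify signatures.
bundle_order_ok() {
    tmp=$(mktemp -d) || return 2
    # split the bundle into one file per certificate: 1.pem, 2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++}
                     n {print > (d "/" n ".pem")}' "$1"
    i=1
    rc=0
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer \
                 -nameopt RFC2253 | sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject \
                  -nameopt RFC2253 | sed 's/^subject= *//')
        [ "$issuer" = "$subject" ] || { rc=1; break; }
        i=$((i + 1))
    done
    [ -f "$tmp/1.pem" ] || rc=2   # no certificate found at all
    rm -rf "$tmp"
    return $rc
}

# Usage: sh preflight.sh yourdomain.com-bundle.crt yourdomain.com-decrypted.key
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2" ||
        { echo "certificate and key do not match" >&2; exit 1; }
    bundle_order_ok "$1" ||
        { echo "bundle is not ordered cert, intermediate, root" >&2; exit 1; }
    echo "bundle and key look consistent"
fi
```

A mismatch here is the same condition nginx reports as a key values mismatch when it loads the certificate, so catching it first avoids a failed restart.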