Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexey Kuzmin2015-11-25 09:24:56
Nginx
Alexey Kuzmin, 2015-11-25 09:24:56

How to add an SSL certificate to Nginx?

Hello everyone
How to add an ssl certificate to Nginx? It seems that everything was done as it should (and the certificate was purchased):

server {
    listen      443 ssl;
    server_name hostname;

    ssl_certificate      /etc/ssl/private/project.pem;
    ssl_certificate_key  /etc/ssl/private/project.key;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout  5m;
    ssl_prefer_server_ciphers   on;

    location /  {
        # ....
    }
}

When I log in via chrome it says:
Ваше подключение не защищено
Злоумышленники могут пытаться похитить ваши данные
с сайта hostname.ru (например, пароли, сообщения или номера банковских карт). 
NET::ERR_CERT_AUTHORITY_INVALID

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
A
Alexey Romanenko, 2015-11-25
@slimus

What's in the logs?

Report
N
nonname, 2015-11-25
@nonname

Does the public key only contain the certificate itself or the chain? Most likely there is such a chain as ROOT CA - Intermediate - your certificate, it would be nice to download more Intermediate and blind them together with yours. nginx.org/ru/docs/http/configuring_https_servers.html here in the certificate chain section there is info on how to do this.

Report
V
Volodymyr Godyak, 2016-06-02
@wmgodyak

For mobile, you need to make a chain of certificates and transfer it as a certificate.
It is described in detail here: nginx.org/ru/docs/http/configuring_https_servers.html
Example:

cd /etc/nginx/ssl
ll
 > domain.ca-bundle domain.crt  domain.csr  domain.rsa

cat domain.crt domain.ca-bundle >  domain.chained.crt
ll
> domain.ca-bundle domain.crt  domain.csr  domain.rsa domain.chained.crt

My nginx config
server {
        listen 80 default_server;

        listen 443 ssl;

        root /var/www/domain/frontend/www;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name domain.com;

        ssl_certificate /etc/nginx/ssl/domain.chained.crt;
        ssl_certificate_key /etc/nginx/ssl/domain.rsa;

        ssl_session_timeout 5m;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;

......

Similar questions
S
Sylar Gray2014-07-02 22:49:16
How to search for similar records in mysql by possible similarity of 3 fields? 5Reply
M
Mikhail Svarichevsky2018-11-04 02:22:53
Nginx reverse proxy: What is the performance impact of proxy_buffering on large files and slow upstream? 1Reply
T
TraiDeR2016-06-05 19:40:47
How to fix nginx error: unknown directive "fastcgi_cache_purge"? 3Reply
W
WhiteApfel2018-11-05 18:31:25
Why is php not working when issuing index.php via try_files $uri/index.php? 1Reply
H
HaruAtari2014-04-22 13:26:49
How to properly display images with a watermark? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question