Welcome to End Point's blog

Ongoing observations by End Point people.

Install SSL Certificate from Network Solutions on nginx

Despite nginx serving pages for 12.22% of the web's million busiest sites, Network Solutions does not provide instructions for installing SSL certificates on nginx. This article provides the exact steps for chaining the intermediary certificates for use with nginx.

Chaining the Certificates

Unlike Apache, nginx does not allow specification of intermediate certificates in a directive, so we must combine the server certificate, the intermediates, and the root in a single file. The zip file provided by Network Solutions contains a number of certificates, but no instructions on the order in which to chain them together. Network Solutions' instructions for installing on Apache provide a hint, but let's make it clear.

cat your.site.com.crt UTNAddTrustServer_CA.crt NetworkSolutions_CA.crt > chained_your.site.com.crt

This follows the general convention of "building up" to a trusted "root" authority by appending each intermediary. In this case UTNAddTrustServer_CA.crt is the intermediary while NetworkSolutions_CA.crt is the parent authority. With your certificates now chained together properly, use the usual nginx directives to configure SSL.

listen                 443;
ssl                    on;
ssl_certificate        /etc/ssl/chained_your.site.com.crt;
ssl_certificate_key    /etc/ssl/your.site.com.key;

As always, make sure your key file is secure by giving it minimal permissions.

chmod 600 your.site.com.key
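The chaining step above as an added example that is not part of the original post: it concatenates the files in the order given, guards against OpenSSL's "PEM_read_bio: bad end line" error when a certificate file lacks a trailing newline, and can confirm that the private key belongs to the server certificate. The helper names build_chain, count_certs and key_matches_cert are hypothetical, and key_matches_cert assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post). build_chain, count_certs and
# key_matches_cert are hypothetical helper names.

# Concatenate PEM files in the order given. Strips CRs and guarantees each
# file ends in a newline, so an END line never fuses with the next BEGIN
# line (the cause of OpenSSL's "PEM_read_bio: bad end line" error).
build_chain() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1
    for f in "$@"; do
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2; rm -f "$tmp"; return 1
        fi
        tr -d '\r' < "$f" >> "$tmp"
        # The substitution is empty only when the last byte is a newline.
        [ -z "$(tail -c 1 "$f")" ] || printf '\n' >> "$tmp"
    done
    # Refuse input in which two boundary markers already share one line.
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$tmp"; then
        echo "fused PEM boundary in input" >&2; rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$out"
}

# Number of certificates in a PEM file (server + intermediates + root).
count_certs() {
    grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1"
}

# True when the private key belongs to the first certificate in the chain,
# which is the one nginx presents as the server certificate. Needs openssl.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage with the article's file names (runs only when arguments are given):
#   sh chain.sh chained_your.site.com.crt your.site.com.crt \
#       UTNAddTrustServer_CA.crt NetworkSolutions_CA.crt
if [ "$#" -ge 2 ]; then
    build_chain "$@" && echo "$(count_certs "$1") certificates written to $1"
fi
```

Once the chained file is in place, nginx -t checks that the configuration and the certificate files load before you reload the server.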

I hope this little note helps ease the way for nginx users looking to use a Network Solutions SSL certificate.

3 comments:

Anonymous said...

This works great, but if your chain files don't have any newlines at the end you will get an SSL newline error.

This post helped me fix that:

http://danalloway.com/nginx-ssl-pem_read_biobad-end-line-error/

Mackenzie said...

What about the fourth file? There's also AddTrustExternalCARoot.crt in the bundle NS gives you.