Archive

Archive for April, 2012

Namecheap Positive/Comodo SSL and Nginx

Namecheap has been my source for in-expensive SSL certs for usage on web servers, especially Nginx. Since there is already a pretty good article for setting up SSL with these Namecheap Certs and Nginx, I will not “re-invent the wheel”, but it seems that the “intermediary” part of the installation wasn’t included.

http://kbeezie.com/view/free-ssl-with-nginx/

The above link should get you 90% configured, but you will want to use the included CABundle cert, which is inside the zip file that Namecheap will send you once the registration process is complete. This Bundle is required to allow your SSL cert to be able to be seen by some browsers, otherwise they will give the dreaded “self signed” style warning. To ensure that all browsers are able to use your SSL without issue, be sure to append this CABundle that is provided with your cert from Namecheap:

This is just a continuation of the Kbeezie Nginx SSL setup…

cat CABundle >> /etc/ssl/nginx/domain.pem

Once you have done this, be sure to restart Nginx for the change to be applied to the SSL server.

To test if you have correctly completed this, you can simply use curl (although openssl also has a tool to check an SSL cert)

curl -I https://secure.my-domain.com

If the server header is displayed, then you have done everything correctly. If not, you will see an error about “was not able to verify the identity of the SSL cert” error.

Example error:

curl -I https://super-cool-and-secure-domain.com
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

….

On Success, you will see a normal HTTP 200 message.

So there you have it – Thanks to Kbeezie.com for the tutorial, and I hope that this part regarding the required intermediary can tell those who are seeing errors with their Namecheap SSL cert from Comodo or PositiveSSL, and are using Nginx. Although not all browsers will complain, it’s best to make sure that you don’t have anyone closing your site, due to SSL errors 🙂

Advertisements
Categories: TechBlog