To ensure that your website is securely running it needs to have https enabled. This short tutorial will list steps necessary to secure NGINX server with a free Class 1 certificate from StartSSL.
1. You have a server running NGINX
2. You have already setup free account with StartSSL
3. You have validated your domain with StartSSL
Download the StartSSL CA Certificate using wget:
Download the StartSSL Intermediate CA Certificate using wget:
Create a unified CA Certificate file:
cat sub.class1.server.ca.pem >> ca.pem
Private key and Website Certificate
Use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server.
My naming convention:
Private key: website.com.original.key
Then execute the following steps:
Decrypt the private key by using the password you entered when you created your key:
openssl rsa -in website.com.original.key -out website.com.key
Secure your key:
chmod 600 website.com.key
Create a single file containing your signed certificate and the StartSSL CA certificates for Nginx:
cat website.com.crt ca.pem > website.com.unified.crt
Configure your nginx server to use the new key and certificate (in the global settings or a server section):
Reload nginx config or restart the service.
And you’re done!