StartSSL™
Sign-up for Free
 
StartSSL™
en  fr  de  ru  cz     






StartSSL™ EV

Supported Browsers and Platforms

StartSSL™ - The Swiss Officer's Knife of Digital Certificates & PKI

 
StartSSL™ Free

NGINX Server

 
(Thanks to Ingmar Steen for the instructions)

First, use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server. Then execute the following steps (if you use a class 2 certificate replace class1 by class2 in the instructions below):
  • Decrypt the private key by using the password you entered when you created your key:
openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key

Alternatively you can also use the Tool Box decryption tool of your StartSSL™ account.
  • Protect your key from prying eyes:
chmod 600 /etc/nginx/conf/ssl.key
  • Fetch the Root CA and Class 1 Intermediate Server CA certificates:
wget http://www.startssl.com/certs/ca.pem
wget http://www.startssl.com/certs/sub.class1.server.ca.pem
  • Create a unified certificate from your certificate and the CA certificates:
cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/nginx/conf/ssl-unified.crt
  • Configure your nginx server to use the new key and certificate (in the global settings or a server section):
ssl on;
ssl_certificate /etc/nginx/conf/ssl-unified.crt;
ssl_certificate_key /etc/nginx/conf/ssl.key;

  • Tell nginx to reload its configuration:
killall -HUP nginx

And you’re done!