Installing a Commercial SSL Server Certificate (nginx)
This was the process to get the certificate for anyone who's interested:
- Buy a certificate (the cheapest, called SSL DV, is enough for my website). Pay first. Get an online account.
- Once they see the money they let you proceed to the activation process.
- On your server, create a certificate signing request thusly:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
I left most fields blank, except the 2-letter country code and the "Common Name" which I set to the server FQDN:
- Log into their online account and locate the "Activate Certificates" page, click on "Activate", select CSR as delivery method.
- Paste the content of server.csr into the CSR window.
- Make sure the DNS Domain entry of the certificate points to your website!
- Verify - I chose the method "File upload verification".
- I received an e-mail with another link. Place a file on your server as instructed, click the link. It should work => green checkmark.
- Delete the files/folders used for verification.
- Go to "Manage certificates" and locate your now valid certificate. Download the certificate and intermediate certificates all the way down to the root certificate (the one your browser actually "trusts"). As plain text. They will have to get concatenated in the exact order they appear on the website:
cat actual_certificate.pem domain_validation.pem trusted_network.pem root.pem > cert.chained.pem (*)
- Configure nginx to use your server.key (step 3.) and your cert.chained.pem (above), as explained here.
That's it really.
I tested the result with this command:
openssl s_client -connect dt.iki.fi:443
But one can see it best in the browser (click on the green lock).
(*) The certificate chain is explained nicely here.
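Before pointing nginx at the two files, it helps to confirm that server.key belongs to the first certificate in cert.chained.pem and that the concatenation order is right. The shell function below is an added example, not part of the original post; the name check_chain and its exit codes are assumptions, and it compares issuer/subject name hashes rather than verifying signatures.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_chain server.key cert.chained.pem
# Exit status: 0 ok, 1 key does not match first cert, 2 wrong order, 3 no certs found.
check_chain() (
    key=$1; chain=$2
    tmp=$(mktemp -d) || exit 3
    # Split the bundle into one file per certificate: 01.pem, 02.pem, ...
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { f = sprintf("%s/%02d.pem", d, n); print > f }
    ' "$chain"
    rc=0
    if [ ! -f "$tmp/01.pem" ]; then
        rc=3
    else
        # The first certificate must carry the public key derived from the private key.
        cert_pub=$(openssl x509 -in "$tmp/01.pem" -noout -pubkey)
        key_pub=$(openssl pkey -in "$key" -pubout)
        [ "$cert_pub" = "$key_pub" ] || rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        # Each certificate must name the next one in the file as its issuer.
        prev_issuer=
        for f in "$tmp"/*.pem; do
            subject=$(openssl x509 -in "$f" -noout -subject_hash)
            if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subject" ]; then
                echo "order broken at certificate $(basename "$f" .pem)" >&2
                rc=2
            fi
            prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash)
        done
    fi
    rm -rf "$tmp"
    exit "$rc"
)

# Run directly as: sh check_chain.sh server.key cert.chained.pem
if [ "$#" -eq 2 ]; then
    check_chain "$1" "$2"
fi
```

A non-zero status means the bundle or key should be fixed before nginx is reloaded; status 2 usually means the intermediates were concatenated in the wrong order.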