I always use startssl.com to get free authentication certificates. It’s a little clunky to use, but it’s free and that makes it awesome. When it comes time to configure Nginx to use my new certificates, I always forget what to do. These instructions are adapted from here.
Having successfully followed the instructions at startssl.com, you’ll wind up with these four files:
I like to put these all in a directory and zip ‘em up for transport to the production server. Assuming that they’ve all been saved to a directory named for your URL (e.g.,
Then, from the production machine, untar the file:
Decrypt the private key with the password you entered at startssl.com.
The unencrypted private key is not something you want to show off. Make it so only
root can read it:
Nginx needs the startssl.com intermediate certificate concatenated to the public certificate:
The private key has been decrypted and the public key concatenated. Supposing you have an Nginx server directive that looks like this:
We need to move the public and private keys into the directory specified (
Restart your Nginx server and your certificates should be ready to go.