Setting up ssl on nginx on slicehost with ssl_requirement plugin

1. Purchase ssl certificate at GoDaddy

2. Create temp directory and create the key and csr

mkdir /home/username/temp
cd /home/username/temp
openssl genrsa -des3 -out myssl.key 1024
openssl req -new -key myssl.key -out myssl.csr

For the csr, you will have to enter information. Try to make it match to what you put in GoDaddy’s ssl form online.

3. Remove the passphrase you just had to create for reboot reasons with the server
See the slicehost tutorial for this

4. Copy the contents of myssl.csr to the GoDaddy form to generate the ssl certificate

cat myssl.csr
# then copy and paste the resulting text

5. For server software drop down box just choose apache, then press continue, and then check your email.

6. The technical contact on the domain name whois information will have to approve the certificate then you will receive an email with details of the certificate. Click the link in that email and on the next screen choose Apache once again. Then click ‘Download Signed Certificate’. You will get a zip file containing to files - your certificate file and the gd_intermediate_bundle.crt.

7. Combine the contents of these files into one file called myssl.crt (from here) and upload onto your web server at the same place you generated your key and csr - /home/username/temp I just used my ftp program to do this step.

8. Now we need to copy the relevant files to the /etc/ssl/ directory

sudo cp myssl.crt /etc/ssl/certs/
sudo cp myssl.key /etc/ssl/private/

9. Now follow the slicehost article for ssl and vhosts on nginx

10. Then I installed the ssl_requirement plugin in my app by following the instructions from Advanced Rails Recipe 68.

Note: This required one additional change to my /usr/local/nginx/sites-available/domain.com file. I had to add ‘proxy_set_header X_FORWARDED_PROTO https;’ at the top of my location section of the file.

Example:

server {
  listen 443;
  ...
  location / {
    proxy_set_header X_FORWARDED_PROTO https;
    ...
  }
}

Resources:
- GoDaddy ssl on gninx
- SSL certificates on slicehost with nginx
- Rails development with ssl

1 Comment | July 21, 2008

Comments

  1. Vishu | November 13, 2008

    Great post. Thanks.

    At first I got an error from godaddy:
    “The CSR you have created includes a possible compromised key.”

    Had to upgrade openssl. We were on 0.9.8e