The steps below show how to install a Comodo certificate on CentOS 7.
I have used bigrock.in for the domain registration and for procuring the certificates.
-
Create a folder to put all our ssl certificates
mkdir /etc/nginx/ssl/c2r_com
cd /etc/nginx/ssl/c2r_com
-
Run the command to generate the private key and CSR
openssl req -newkey rsa:2048 -nodes -keyout c2r.com.key -out c2r.com.csr
At this point, you will be prompted for several lines of information that will be included in your certificate request. The most important part is the Common Name field which should match the name that you want to use your certificate with — for example, c2r.com, *.c2r.com (wildcard).
-
This will generate two files:
- c2r.com.key - Private key. You’ll need this later to configure NGINX.
- c2r.com.csr - CSR file.
-
Now you can purchase your certificate. You will need to copy and paste the contents of your c2r.com.csr file to send your request for an SSL certificate. Use this command to print your file:
Choose any vendor and purchase the certificate. Once the certificate is approved, download the certificate artifacts
Comodo provides all the required root and intermediate certificates @
The downloaded artifacts include
- Root CA Certificate - addtrustexternalcaroot.crt
- Intermediate CA Certificate - comodorsaaddtrustca.crt
- Intermediate CA Certificate - comodorsadomainvalidationsecureserverca.crt
- Root CA Bundle - comodo-rsa-domain-validation-sha-2-w-root.ca-bundle
- Intermediate CA Bundle - comodo-rsa-domain-validation-sha-2-intermediates.ca-bundle
The application certificate is provided in the email or on the website
- Application Certificate - c2r.crt
-
Copy all the certificate artifacts to the server under the designated folder
/etc/nginx/ssl/c2r_com
-
Combine the certificates to create a bundle
cat c2r.crt comodorsadomainvalidationsecureserverca.crt > ssl-bundle.crt
-
Update the nginx configuration
server {
    listen 443 ssl;
    server_name beta.c2r.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/c2r/c2r.crt;
    ssl_certificate_key /etc/nginx/ssl/c2r/ssl-bundle.crt;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
}
-
Check if the configuration is correct by running
nginx -t
-
Restart nginx
sudo systemctl restart nginx
-
Installing the certificate gave the following error on restarting the server
nginx SSL PEM_read_bio:bad end line
-
Open the ssl-bundle.crt
-
The concatenation had created a mess
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
-
Just add a line break
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
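The bundle step and its fix as shell functions (an added example, not code from the original post): build_bundle concatenates PEM files so the markers never fuse, check_bundle detects the fused marker line shown above, and key_matches_cert confirms that the private key from the CSR step belongs to the certificate. The function names are made up for this example, and the openssl check assumes the first certificate in the bundle is the application certificate.

```sh
#!/bin/sh
# Added example (not from the original post). File names in the usage
# comment at the bottom follow the post; the function names are made up here.

# build_bundle OUT LEAF [INTERMEDIATE...]
# Concatenate PEM files, leaf certificate first, always ending each file
# with a newline so END/BEGIN markers can never land on the same line.
build_bundle() {
    out=$1; shift
    : > "$out" || return 1
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
        # awk's print terminates every line, including an unterminated last
        # one; the sub() drops CRs left by Windows editors or mail clients.
        awk '{ sub(/\r$/, ""); print }' "$f" >> "$out" || return 1
    done
}

# check_bundle FILE
# Succeeds only if every marker sits alone on its line and BEGIN/END pair up.
check_bundle() {
    awk '
        /-----(BEGIN|END) / && !/^-----(BEGIN|END) CERTIFICATE-----$/ { bad = 1 }
        /^-----BEGIN CERTIFICATE-----$/ { b++ }
        /^-----END CERTIFICATE-----$/   { e++ }
        END { exit (bad || b == 0 || b != e) }
    ' "$1"
}

# key_matches_cert KEY CERT_OR_BUNDLE
# Compare the public key derived from the private key with the public key
# of the first certificate in the file (the leaf, if the order is correct).
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Usage on the server, before "nginx -t":
#   build_bundle ssl-bundle.crt c2r.crt comodorsadomainvalidationsecureserverca.crt
#   check_bundle ssl-bundle.crt && key_matches_cert c2r.com.key ssl-bundle.crt
```

A plain cat fuses the markers only when the first file lacks a trailing newline, which is common for certificates pasted from an email or web page.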
-
Hey, thanks for the tutorial, but you are missing the key completely.
This is wrong (wrong order and missing key):
ssl_certificate /etc/nginx/ssl/c2r/c2r.crt;
ssl_certificate_key /etc/nginx/ssl/c2r/ssl-bundle.crt;
It should be:
ssl_certificate /etc/nginx/ssl/c2r/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/c2r/c2r.key;
The key must be uploaded to the folder also :)