(Thanks to Ingmar Steen
for the instructions)
First, use the StartSSL™ Control Panel to create a private key and certificate and transfer them to your server. Then execute the following steps (if you use a class 2 certificate replace class1 by class2 in the instructions below):
openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
- Decrypt the private key by using the password you entered when you created your key:
Alternatively you can also use the Tool Box decryption tool of your StartSSL™ account.
chmod 600 /etc/nginx/conf/ssl.key
- Protect your key from prying eyes:
- Fetch the Root CA and Class 1 Intermediate Server CA certificates:
cat ssl.crt sub.class1.server.ca.pem > /etc/nginx/conf/ssl-unified.crt
- Create a unified certificate from your certificate and the CA certificates:
- Configure your nginx server to use the new key and certificate (in the global settings or a server section):
killall -HUP nginx
- Tell nginx to reload its configuration:
And youâ€™re done!