SSL Certificates are Miserable
So... I was tasked with setting up https for a website recently. I was setting up Nginx with an ssl certificate from thawte.
Pretty normal. Pretty standard. Pretty aweful.
Here's to helping the next guy get through the process quicker than I did.Testing
Before you start. Don't use a browser or openssl to test your config. It will waste your time and make you unhappy.
Use this tool to test your ssl config:
Certificate Signing Requests (*.csr), PEM Files, Intermediary Certificates, root CACertificate, Secondary Certificate BS, and more
You should know Apache and several other web servers expect your ssl certificate to be in a separate file from the intermediary certificates Like this example http.conf
ok great... but some other web servers expect your intermediary certificates to be concatenated with your ssl certificate (i.e. the one you paid for). So open up notepad and copy/paste that CA.cert into the end of your ssl.fictional.co.cert and hit save.
What about Nginx?
now your nginx config for ssl (documentation here) will look like this:
Conclusion. SSL…
is a pain in the ass.