By: FMCB

Installation of RapidSSL on Nginx reverse proxy at the front end of Apache

March 9, 2014 2.6k views
Hi everyone, I spent almost the whole day trying to configure my RapidSSL certificate with Nginx reverse proxy, but wasn't able to get it right. I generated a private key and managed to get the cer file from my cert issuer. Now I'm a bit confused since I have some issues configuring a new block on nginx as follows:

    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;
    server {
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/ssl/mycrt.crt;
        ssl_certificate_key /etc/ssl/server.key;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:10m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;
        root /home/www/;
        index index.php index.html index.htm;
        server_name mydomain.com;
        location / {
            try_files $uri $uri/ /index.php;
        }
        location ~ \.php$ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080;
        }
        location ~ /\.ht {
            deny all;
        }
    }

The weird issue is that nginx fails when restarted if only my mycrt.crt and intermediate certificate are combined. The error says the values of the keys don't match. However, when I add mycrt.crt alone and the private key in the nginx vhost block as stated above, Nginx restarts fine and passes. How about the intermediate chain keys?

I followed this tutorial here, but it seems there is something missing: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO17664

Did anyone manage to configure a RapidSSL cert? Please share your way of doing that. Does anyone know what to do next or what I'm missing? Thanks

1 Answer
Make sure that the server cert and the intermediate cert are combined in the right order. If not done correctly, it can result in a mismatch error. You can combine them with:

cat your_server.crt intermediate.crt > chained.crt

For further info see: http://nginx.org/en/docs/http/configuring_https_servers.html#chains

If you're still having problems, let us know. Please provide the full error message if this doesn't work.
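
The ordering check described in the answer, as an added example that is not part of the original thread: nginx pairs ssl_certificate_key with the first certificate in the ssl_certificate file, so the script compares that first certificate's public key with the one derived from the private key. The function names and the throwaway "Demo Intermediate" certificate are assumptions made for the demonstration; the file names follow the answer's cat command.

```sh
#!/bin/sh
# Added example, not from the thread. nginx uses the private key with the FIRST
# certificate in the ssl_certificate file, so the server cert must come first.

# Succeeds when the first certificate in bundle $1 belongs to private key $2.
# Returns 2 when either file cannot be parsed (avoids matching two empty results).
bundle_matches_key() {
    # openssl x509 reads only the first PEM certificate in the file.
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Number of certificates in a bundle; server cert plus one intermediate is 2.
bundle_cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Build constructed, throwaway test material in a temp dir and print its path.
# "Demo Intermediate" stands in for the issuer's intermediate certificate.
make_demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate" \
        -keyout "$d/ca.key" -out "$d/intermediate.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mydomain.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -days 1 -CA "$d/intermediate.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/your_server.crt" 2>/dev/null || return 1
    cat "$d/your_server.crt" "$d/intermediate.crt" > "$d/chained.crt"   # correct order
    cat "$d/intermediate.crt" "$d/your_server.crt" > "$d/reversed.crt"  # wrong order
    echo "$d"
}

demo=$(make_demo) || exit 1
for f in chained.crt reversed.crt; do
    if bundle_matches_key "$demo/$f" "$demo/server.key"; then
        echo "$f ($(bundle_cert_count "$demo/$f") certs): first certificate matches server.key"
    else
        echo "$f ($(bundle_cert_count "$demo/$f") certs): first certificate does NOT match server.key"
    fi
done
rm -rf "$demo"
```

To check real files, call bundle_matches_key with the combined certificate file and the private key before restarting nginx.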