installtion RapidSSL on Nginx reverse proxy at front end Apache

March 9, 2014 2.3k views
Hi everyone, I spent almost the whole day trying to configure my RapidSSL certificate with Nginx reverse proxy, but wasn't able to get it right. I generated private key and managed to get the cer file from my cert issuer. now I'm a bit confused since I have some issues configuring a new block on nginx as follow: add_header Strict-Transport-Security max-age=31536000; add_header X-Frame-Options DENY; server{ listen 443 ssl; ssl on; ssl_certificate /etc/ssl/mycrt.crt; ssl_certificate_key /etc/ssl/server.key; ssl_session_timeout 5m; ssl_session_cache shared:SSL:10m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; root /home/www/; index index.php index.html index.htm; server_name; location / { try_files $uri $uri/ /index.php; } location ~ \.php$ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_pass; } location ~ /\.ht { deny all; } } The weird issue is that nginx get failed when restarted if only my mycrt.crt and intermediate certificate are combined. The error says value of keys don't match. however, when I add mycrt.crt alone and private key in nginx vhost block as stated above, Nginx restart fine and pass. how about the intermediate chain keys?? I followed this tut here, but seems there is something missing.... did anyone managed configuring RapidSSL cert? please share your way of doing that... does anyone know what to do next or what I'm missing?? Thanks
1 Answer
Make sure that the server cert and the intermediate cert are combined in the right order. If not done correctly, it can result in a miss-match error. You can combine them with:

cat your_server.crt intermediate.crt > chained.crt

For further info see:

If you're still having problems, let us know. Please provide the full error message if this doesn't work.
Have another answer? Share your knowledge.