Question

Installing RapidSSL on an Nginx reverse proxy in front of Apache

Posted March 9, 2014 4.1k views
Hi everyone, I spent almost the whole day trying to configure my RapidSSL certificate with an Nginx reverse proxy, but wasn't able to get it right. I generated the private key and managed to get the cer file from my cert issuer. Now I'm a bit confused, since I have some issues configuring a new block on nginx as follows:

    add_header Strict-Transport-Security max-age=31536000;
    add_header X-Frame-Options DENY;

    server{
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/ssl/mycrt.crt;
        ssl_certificate_key /etc/ssl/server.key;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:10m;
        ssl_protocols SSLv2 SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers on;

        root /home/www/;
        index index.php index.html index.htm;
        server_name mydomain.com;

        location / {
            try_files $uri $uri/ /index.php;
        }

        location ~ \.php$ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080;
        }

        location ~ /\.ht {
            deny all;
        }
    }

The weird issue is that nginx fails when restarted only if my mycrt.crt and the intermediate certificate are combined. The error says the key values don't match. However, when I add mycrt.crt alone and the private key in the nginx vhost block as stated above, Nginx restarts fine and passes. How about the intermediate chain keys??

I followed this tut here, but it seems there is something missing.... https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO17664

Did anyone manage to configure a RapidSSL cert? Please share your way of doing that... Does anyone know what to do next or what I'm missing?? Thanks

1 answer
Make sure that the server cert and the intermediate cert are combined in the right order. If not done correctly, it can result in a mismatch error. You can combine them with:

cat your_server.crt intermediate.crt > chained.crt

For further info see: http://nginx.org/en/docs/http/configuring_https_servers.html#chains

If you're still having problems, let us know. Please provide the full error message if this doesn't work.
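
An added example, not part of the original answer: a check that the first certificate in a combined file belongs to the private key, which is the comparison behind the key mismatch error described in the question. The function names and the throwaway "Demo Intermediate" CA are constructed for the demonstration and stand in for the real intermediate; it assumes `openssl` is installed.

```sh
#!/bin/sh
# Added example (hypothetical helper names; all certificates below are constructed).

# Return 0 when the FIRST certificate in bundle $1 carries the public key of
# private key $2, 1 when it does not, 2 when either file cannot be parsed.
bundle_matches_key() {
    # "openssl x509" reads only the first PEM certificate in the file, which is
    # also the certificate the server pairs with ssl_certificate_key.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Build a throwaway CA (stand-in for the intermediate) and a server certificate
# in directory $1, then combine them in both orders.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Intermediate" \
        -keyout "$d/ca.key" -out "$d/intermediate.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=mydomain.com" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/intermediate.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -days 1 \
        -out "$d/your_server.crt" 2>/dev/null &&
    # Correct order: server certificate first, intermediate second.
    cat "$d/your_server.crt" "$d/intermediate.crt" > "$d/chained.crt" &&
    # Wrong order: the intermediate comes first and does not match server.key.
    cat "$d/intermediate.crt" "$d/your_server.crt" > "$d/reversed.crt"
}

tmp=$(mktemp -d) || exit 1
make_demo "$tmp" || { rm -rf "$tmp"; exit 1; }
for bundle in chained.crt reversed.crt; do
    if bundle_matches_key "$tmp/$bundle" "$tmp/server.key"; then
        echo "$bundle: first certificate matches server.key"
    else
        echo "$bundle: first certificate does NOT match server.key"
    fi
done
rm -rf "$tmp"
```

Running `bundle_matches_key` against the real combined file and key before restarting nginx shows whether the order is the cause of the error.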