Sunday, May 28, 2017

ssl certificate




This document was mainly created for the Comodo SSL service.


Root certificate: you don't need it in the bundle. Clients already have it in their trust store, so it's just adding bloat to your cert.



Concatenate the files into a single file (your certificate first, then the intermediates)

  • Root CA Certificate – AddTrustExternalCARoot.crt
  • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate – is_learntv_lk.crt


cat is_name.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > is_learntv_lk.crt
cp name.cer /etc/ssl/certs/

Generate the private key file (it is important for the certificate signing request, CSR)

1. private key
 
This is the first file you create, before the SSL request, together with the CSR file. Without these two files the certificate is useless.

openssl genrsa -des3 -out name.key 2048
openssl req -newkey rsa:2048 -nodes -keyout name.key -out is_learntv_lk.csr

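The second command above creates both the key and the CSR file. Because it uses -newkey with -keyout name.key, it writes a fresh, unencrypted (-nodes) key over the passphrase-protected one from the first command. When you apply for the SSL certificate, you need to submit the contents of the CSR file to Comodo.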

Verify

openssl rsa -check -in name.key
openssl rsa -noout -modulus -in name.key | openssl md5

If the md5 values for name.key and name.crt are different, run the command below. It generates a CSR from the existing certificate and key.

openssl x509 -in name.cer -signkey name.key -x509toreq -out name.csr

The md5 of the modulus for the certificate and for the CSR, to compare with the key's value:

openssl x509 -noout -modulus -in name.crt | openssl md5

openssl req -noout -modulus -in name.csr | openssl md5
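
The concatenation and verify steps above, written as two checks: one confirms that key, certificate and CSR share a public key, the other that a bundle is ordered leaf-first with no root in it. This is an added example, not part of the original post; it compares the full public key rather than an md5 of the modulus, and the function names and the throwaway demo certificates it generates are constructed.

```bash
# Added example (not from the original post); generated files are throwaway.
# Succeed only if private key $1, certificate $2 and CSR $3 share one public
# key. Returns 1 on mismatch, 2 if a file cannot be read.
same_key() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  r=$(openssl req -in "$3" -noout -pubkey 2>/dev/null) || return 2
  [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

# Check a concatenated bundle: every issuer must equal the next subject, and
# no self-signed (root) certificate may be included. 0 ok, 1 order, 2 root.
chain_ok() {
  dir=$(mktemp -d) || return 3
  awk -v d="$dir" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
  i=1 st=0 want=""
  while [ "$st" -eq 0 ] && [ -f "$dir/$i.pem" ]; do
    subj=$(openssl x509 -in "$dir/$i.pem" -noout -subject | sed 's/^[a-z]*= *//')
    iss=$(openssl x509 -in "$dir/$i.pem" -noout -issuer | sed 's/^[a-z]*= *//')
    if [ "$subj" = "$iss" ]; then st=2
    elif [ "$i" -gt 1 ] && [ "$subj" != "$want" ]; then st=1; fi
    want=$iss i=$((i + 1))
  done
  rm -rf "$dir"; [ "$i" -gt 1 ] || st=1
  return "$st"
}

# Constructed sample data: a demo root, intermediate and leaf in a temp dir.
demo_setup() {
  D=$(mktemp -d) || return 1
  ( cd "$D" || exit 1
    mk() { openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2"; }
    mk root "Demo Root"; mk int "Demo Intermediate"; mk name example.test
    openssl x509 -req -in root.csr -signkey root.key -out root.crt -days 1
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial -out int.crt -days 1
    openssl x509 -req -in name.csr -CA int.crt -CAkey int.key -CAcreateserial -out name.crt -days 1
    cat name.crt int.crt > good.pem
    cat int.crt name.crt > swapped.pem
    cat name.crt int.crt root.crt > withroot.pem
  ) >/dev/null 2>&1
}

demo_setup || exit 1
same_key "$D/name.key" "$D/name.crt" "$D/name.csr" && echo "key, cert and CSR match"
same_key "$D/int.key" "$D/name.crt" "$D/name.csr" || echo "int.key does not belong to name.crt"
chain_ok "$D/good.pem" && echo "good.pem: leaf first, no root"
chain_ok "$D/withroot.pem" || echo "withroot.pem: root certificate present"
```

Run both functions against your own key, certificate, CSR and bundle before pointing ssl_certificate at the bundle.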

Nginx server block

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name your_domain.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
                try_files $uri $uri/ =404;
        }
}
