My client’s SSL certificates are about to run out, and we have gone through the process of getting the replacements from GoDaddy. However, their instructions as to how to use them are useless.
I expected a .crt and possibly a .key file, and I expected to simply replace the existing files with the new, and restart nginx.
However I have been given two .crt files! One contains a single certificate and the other three certificates!
Is the reason there is no .key file because that is the private key and would not be sent out of our control? The old will continue to work fine.
Does anyone know what the group of certificates is for, and how I should introduce them to nginx?
Nginx is a compiled version :-
ian@ianhobson~ $ nginx -V
nginx version: nginx/1.6.0
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --sbin-path=/usr/sbin
--conf-path=/etc/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid
--with-http_ssl_module --add-module=…/nginx_tcp_proxy_module_v0.4.5
--add-module=…/nginx_http_push_module-0.712
The CA will never provide a key; if this was a simple renewal of the existing certificate, the key already in place would be the one to reuse.
One thing to note however is that SHA1 is being aggressively phased out now due to the Google policy change with Chrome. If that matters to you, you’ll want to check that your cert chain is the new SHA256.
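The two checks from the reply above (that the key already on the server belongs to the new certificate, and that every certificate in the chain is signed with SHA-256 rather than SHA-1), as an added shell example that is not part of the original thread. The file names and the `make_sample` helper are assumptions, and the script needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: sh check_certs.sh site.crt bundle.crt site.key   (placeholder file names)

# Number of certificates in a PEM file: 1 = site certificate, more = CA bundle.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Signature algorithm of every certificate in a PEM file, one per line.
# "openssl x509" reads only the first certificate, so go through PKCS#7.
# Each certificate prints the algorithm twice; keep the first of each pair.
chain_sigalgs() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -text -noout |
        awk '/Signature Algorithm:/ && ++n % 2 == 1 { print $3 }'
}

# Succeeds if any certificate in the file carries a SHA-1 signature.
has_sha1() {
    chain_sigalgs "$1" | grep -qi 'sha1'
}

# Succeeds if the certificate's public key is the one derived from the private
# key, i.e. the key already on the server can be reused with this certificate.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample input: writes a throwaway key ($1.key) and a self-signed
# certificate ($1.crt) signed with digest $2 (e.g. sha256).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -"$2" -days 1 \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

if [ "$#" -eq 3 ]; then
    for f in "$1" "$2"; do
        echo "$f: $(count_certs "$f") certificate(s)"
        chain_sigalgs "$f" | sed 's/^/    signed with /'
    done
    if has_sha1 "$1" || has_sha1 "$2"; then echo "WARNING: SHA-1 signature found"; fi
    if cert_matches_key "$1" "$3"; then echo "existing key matches new certificate"
    else echo "key does NOT match certificate"; fi
fi
```

A SHA-1 self-signature on a root certificate in the bundle is not what browsers evaluate; the signatures that matter are those on the site certificate and the intermediates.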