SSL Certificate confusion

Hi All,

My client’s SSL certificates are about to run out, and we have gone
through the process of
getting the replacements from Godaddy. However their instructions as to
how to use them
are useless.

I expected a .crt and possibly a .key file, and I expected to simply
replace the existing files
with the new, and restart nginx.

However I have been given two .crt files! One contains a single
certificate and the other three certificates!

Is the reason there is no .key file because that is the private key and
would not be sent out of our control. The old will continue to work
fine.

Does anyone know what the group of certificates is for, and how I should
I introduce them to nginx?

Nginx is a compiled version :-
[email protected]~ $ nginx -V
nginx version: nginx/1.6.0
built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5)
TLS SNI support enabled
configure arguments: --sbin-path=/usr/sbin
–conf-path=/etc/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid
–with-http_ssl_module --add-module=…/nginx_tcp_proxy_module_v0.4.5
–add-module=…/nginx_http_push_module-0.712

Many thanks

Ian

Hello!

On Fri, Oct 17, 2014 at 05:19:29PM +0100, Ian wrote:

with the new, and restart nginx.

However I have been given two .crt files! One contains a single certificate
and the other three certificates!

Is the reason there is no .key file because that is the private key and
would not be sent out of our control. The old will continue to work fine.

Does anyone know what the group of certificates is for, and how I should I
introduce them to nginx?

The file with three certificates is a bundle with intermediate
certs. See here for more info:

http://nginx.org/en/docs/http/configuring_https_servers.html#chains


Maxim D.
http://nginx.org/

The CA will never provide a key, if this was a simple renewal of the
existing certificate the key already in place would be the one to reuse.
One thing to note however is that SHA1 is being aggressively phased out
now
due the the Google policy change with Chrome. If that matters to you,
you’ll want to check that your cert chain is the new SHA256.

__________________Scott LarsonSystems AdministratorWiredrive/LA310 823
8238 ext. 1106310 943 2078 faxwww.wiredrive.com
http://www.wiredrive.com/www.twitter.com/wiredrive
http://www.twitter.com/wiredrivewww.facebook.com/wiredrive
http://www.wiredrive.com/facebook