How to install a GoDaddy SSL Certificate on Nginx or Node.js under Ubuntu

I assume you have already generated a private key (e.g. xxxx.com.private.key) and a CSR, and submitted the CSR file to GoDaddy. Now you just want to download and install the SSL certificate.

  1. When downloading, there are many web server types to choose from. Just pick Apache.
  2. Download the 2 files to a local folder (e.g. /etc/nginx/ssl)
    • Your SSL Certificate with a random name (Ex. c87b9chf834hts.crt)
    • The GoDaddy intermediate certificate bundle (gd_bundle-g2-g1.crt)
  3. Create a single chained certificate file by concatenating the 2 files, with your own certificate first:

       cat c87b9chf834hts.crt gd_bundle-g2-g1.crt > xxxx.com.chained.crt
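
Before pointing a server at the chained file, it helps to confirm that it was concatenated in the right order, contains the intermediates, and belongs to your private key. The script below is an added example, not part of the original post; the function name check_chain and its return codes are assumptions made for illustration, and it relies only on openssl, grep and find.

```shell
#!/bin/sh
# Added example: sanity-check a chained certificate file against its private key.
# check_chain is a hypothetical helper; it only reads the two files.
# Return codes: 0 ok, 1 unreadable/invalid file, 2 key does not match the first
# certificate, 3 no intermediate certificate, 4 private key is world-readable.

check_chain() {
    local chain="$1" key="$2" cert_pub key_pub count

    # openssl x509 reads only the FIRST certificate in a PEM file, which is
    # the one Nginx and Node.js pair with the private key.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1

    # If the bundle was concatenated before the server certificate, the first
    # certificate is a CA certificate and its public key will not match.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # A chained file holds the server certificate plus at least one intermediate.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$chain" || true)
    [ "$count" -ge 2 ] || return 3

    # The private key should not be readable by "other" users.
    [ -z "$(find "$key" -perm -004)" ] || return 4
    return 0
}

# When run as a script with two arguments, check those files and report.
if [ "$#" -eq 2 ]; then
    rc=0
    check_chain "$1" "$2" || rc=$?
    echo "check_chain exit code: $rc"
    exit "$rc"
fi
```

Run it as `sh check_chain.sh /etc/nginx/ssl/xxxx.com.chained.crt /etc/nginx/ssl/xxxx.com.private.key`. An exit code of 2 usually means the bundle was placed before your certificate in the cat command, or the key is not the one used for the CSR.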

Nginx

Open your Nginx configuration file: (e.g. sudo subl /etc/nginx/sites-available/default)

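    server {
        ...
        # "listen 443 ssl" replaces the older "listen 443;" + "ssl on;" pair;
        # the "ssl" directive is deprecated and rejected by current Nginx releases.
        listen 443 ssl;
        server_name xxxx.com;

        ssl_certificate /etc/nginx/ssl/xxxx.com.chained.crt;
        ssl_certificate_key /etc/nginx/ssl/xxxx.com.private.key;
        ...
    }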

Verify and test the modified configuration file:

    $ sudo nginx -t

Restart Nginx:

    $ sudo systemctl restart nginx

You can test the connection with a browser or openssl for more verbose testing:

    $ openssl s_client -connect localhost:443

 

Node.JS

    var express = require('express'),
      app = express(),
      port = process.env.PORT || 8080;

    var fs = require('fs');

    // Private key and chained certificate (your certificate + GoDaddy bundle)
    var options = {
        key: fs.readFileSync('/etc/ssl/xxxx.com.private.key'),
        cert: fs.readFileSync('/etc/ssl/xxxx.com.chained.crt')
    };

    var https = require('https');

    // ...

    // Serve the Express app over HTTPS
    var serv = https.createServer(options, app);
    serv.listen(port);

Tips:

  • Make sure your cloud provider (AWS or Azure) allows inbound traffic on port 443. Otherwise, you get a connection timeout.
  • By default, ufw is disabled. Leave it disabled until you need it. You can check the status by running “sudo ufw status verbose”. It should say “inactive”.
