From August 19th 2020, SECTIGO issues SSL certificates with a maximum lifetime of 398 days (13 months) as specified by CA/Browser consortium. SSL certificates with a longer lifetime must be re-issued annually (free of charge). You'll receive reminders via e-mail. SSL certificates issued before August 19th 2020 remain valid until their planned expiry date. Code Signing & S/MIME certificates are not affected and remain valid until their planned expiry date.

GEOTRUST RapidSSL: Installing SSL certificates including intermediate (ca_bundle) certificate on nginx

Note: When placing your CSR inside the MY INTERSSL account, please choose server type "apache/mod_SSL" in case "nginx" isn't available as an option.

 

Example paragraph from nginx/conf/gitlab-http.conf


listen *
:443 ssl;

server_name git.b-nm.at;
 
ssl_certificate /var/opt/gitlab/nginx/ssl/git.b-nm.at.crt.ca.pem;
ssl_certificate_key /var/opt/gitlab/nginx/ssl/git.b-nm.at.key;
ssl_protocols TLSv1 TLSv1.TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;


Important: as nginx only allows to specify one file for the SSL certificate, you need to copy the .CRT file and the .CA_BUNDLE (=intermediate certificate) together using a text editor, so that the full intermediate certificate chain is available in this file, to be used with the ssl_certificate statement inside the config file.



ssl_certificate example for RapidSSL:

-----BEGIN CERTIFICATE-----
.
.
.
. **** CONTENTS OF YOUR SSL CERTIFICATE *****
.
.
.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIETTCCAzWgAwIBAgIDAjpxMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMjExMjM0
NTUxWhcNMjIwNTIwMjM0NTUxWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
LjEbMBkGA1UEAxMSUmFwaWRTU0wgU0hBMjU2IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAu1jBEgEul9h9GKrIwuWF4hdsYC7JjTEFORoGmFbdVNcRjFlbPbFUrkshhTIWX1SG5tmx
2GCJa1i+ctqgAEJ2sSdZTM3jutRc2aZ/uyt11UZEvexAXFm33Vmf8Wr3BvzWLxmKlRK6msrVMNI4
/Bk7WxU7NtBDTdFlodSLwWBBs9ZwF8w5wJwMoD23ESJOztmpetIqYpygC04q18NhWoXdXBC5VD0t
A/hJ8LySt7ecMcfpuKqCCwW5Mc0IW7siC/acjopVHHZDdvDibvDfqCl158ikh4tq8bsIyTYYZe5Q
Q7hdctUoOeFTPiUs2itP3YqeUFDgb5rE1RkmiQF1cwmbOwIDAQABo4IBSjCCAUYwHwYDVR0jBBgw
FoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFJfCJ1CewsnsDIgyyHyt4qYBT9pvMBIG
A1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9nMS5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
BzABhhNodHRwOi8vZzIuc3ltY2IuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsG
AQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMCkGA1UdEQQiMCCk
HjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTU2OTANBgkqhkiG9w0BAQsFAAOCAQEANevhiyBW
lLp6vXmp9uP+bji0MsGj21hWID59xzqxZ2nVeRQb9vrsYPJ5zQoMYIp0TKOTKqDwUX/N6fmS/Zar
RfViPT9gRlATPSATGC6URq7VIf5Dockj/lPEvxrYrDrK3maXI67T30pNcx9vMaJRBBZqAOv5jUOB
8FChH6bKOvMoPF9RrNcKRXdLDlJiG9g4UaCSLT+Qbsh+QJ8gRhVd4FB84XavXu0R0y8TubglpK9Y
Ca81tGJUheNI3rzSkHp6pIQNo0LyUcDUrVNlXWz4Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4l
ecWLVtXjCYDqwSfC2Q7sRwrp0Mr82A==
-----END CERTIFICATE-----

Was this answer helpful?

 Print this Article

Also Read

Can you issue SSL certificates for .cu (Cuba) and .ir (Iran) domains?

COMODO: no, unfortunately not possible. GEOTRUST: no, unfortunately not possible.  

SSL request and installation under Synology DiskStation NAS

If you want to obtain a SSL certificate for your Synology diskstation, we recommend to NOT use...

SSL Zertifikat für Elopage: Beantragung und Installation

InterSSL hat bereits viele Kunden mit SSL Zertifikaten beliefert, die eine Elopage betreiben....

GEOTRUST RapidSSL installation in Plesk 12 (Certificate chain, intermediate certificates)

After validating the RapidSSL certificate request, GEOTRUST is delivering your RapidSSL...

Issueing SSL certificates for internal server names (e.g. .local) - Microsoft Exchange Server, DNS, etc.

As per July 2012 SSL certificates for local server names will not longer be issued, accoring to...