Create SSL cert
Go to StartSSL and create sertificate.
Put .pem(or .crt) and .key files to your server.
Add this rows to your server block:
ssl on; ssl_certificate /etc/nginx/ssl-keys/your.domain.pem; ssl_certificate_key /etc/nginx/ssl-keys/your.domain.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on;
How to avoid Firefox errors
Then – you have to go back to StartSSL page and find “Intermediate CA Certificates”.
Choose first option > StartCom Class 1 DV Server CA(pem)(SHA-2)
Download it and paste the content of this file to your cert file after your own cert key(/etc/nginx/ssl-keys/your.domain.pem):
-----BEGIN CERTIFICATE----- your key -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- downloaded key(StartCom Class 1 DV Server CA(pem)(SHA-2)) -----END CERTIFICATE-----
Restart nginx
Thanks to:
https://archives.kevin.disneur.me/2015-03-16-sec_error_unknown_issuer-error-on-firefox-with-startssl.html
https://www.startssl.com/Support?v=25