Add a Comodo SSL certificate to Nginx
Install Nginx first. Install Nginx based on your Linux release or refer to the official installation tutorial of Nginx.
1. Merge the obtained SSL certificate based on the obtained SSL certificate content
If you get the following four certificates, use the following command (replace www_yourdomain_com with your own)
Cat www_yourdomain_com.crt COMODORSADomainValidationSecureServerCA. crt COMODORSAAddTrustCA. crt AddTrustExternalCARoot. crt> ssl-bundle.crt
If you get the following two certificates, use the following command (replace www_yourdomain_com with your own)
Cat www_yourdomain_com.crt www_yourdomain_com.ca-bundle> ssl-bundle.crt
2. modify the Nginx virtual host configuration (the location may be/etc/nginx/sites-available/or/usr/local/nginx/sites-available /), refer to the following certificate configuration for adding and modifying
Server {
Listen 443;
Server_name 111cn.net;
Ssl on;
Ssl_certificate/etc/ssl/certs/ssl-bundle.crt;
Ssl_certificate_key/etc/ssl/private/mysite. key;
# Enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated.
Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Disables all weak ciphers
Ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384: ECDHE-RSA-AES128-GCM-SHA256: DHE-RSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-SHA384: ECDHE-RSA-AES128-SHA256: ECDHE-RSA-AES256-SHA: ECDHE-RSA-AES128-SHA: DHE-RSA-AES256-SHA256: DHE-RSA-AES128-SHA256: DHE-RSA-AES256-SHA: DHE-RSA-AES128-SHA: ECDHE-RSA-DES-CBC3-SHA: EDH-RSA-DES-CBC3-SHA: AES256-GCM-SHA384: AES128-GCM-SHA256: AES256-SHA256: AES128-SHA256: AES256-SHA: AES128-SHA: DES-CBC3-SHA: HIGH :! ANULL :! ENULL :! EXPORT :! DES :! MD5 :! PSK :! RC4 ";
Ssl_prefer_server_ciphers on;
}