Clarification regarding SSL certificate installation

I have nginx as server. I want to use https and I am looking to understand how to do it.

I am looking to buy the certificate from DigiCert, or a Comodo certificate through Combell.

DigiCert has nice pages and they even have installation steps for nginx:

http://www.digicert.com/ssl-certificate-installation-nginx.htm

I understand I have to generate CSR file when asking the authority to issue me the certificate.

If I understand well, I get an unencrypted key and the CSR file; the latter is to be sent when requesting the certificate.

What I do not understand is why the key is unencrypted. Should I encrypt the private key somehow?

Should I put the unencrypted key in nginx conf or encrypted key with the password?

In a different scenario I encountered several months ago, I was given by the authority a pfx file protected with a pass chosen by me, and when extracting the private key I protected the private key again with a pass (if I remember well).

I am studying the ssl certificate/installation the whole day and I think I got it for the most part. Just need this clarification I think.

Thanks

Nenad

2 Replies

You can encrypt the server's private key with a passphrase if you'd like, but you would have to enter that passphrase every time your web server starts. This is a tradeoff between convenience and security.

Yes I thought it was that way.

Thanks

Nenad
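The choice discussed in this thread, as an added example that is not from the posters or from DigiCert's instructions: create the key and CSR with an unencrypted key, optionally write a passphrase-protected copy, and check which form a key file is in. The function names, file arguments and common name are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example; function names and file arguments are placeholders.

# Create a new RSA key and CSR. -nodes leaves the key unencrypted, which is
# why the usual CSR instructions produce a key without a passphrase.
make_csr() {  # usage: make_csr <common-name> <key-out> <csr-out>
    ( umask 077   # files created here are readable by their owner only
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=$1" -keyout "$2" -out "$3" )
}

# Write a passphrase-protected copy of an existing key.
# The passphrase is read from the first line of <passfile>.
encrypt_key() {  # usage: encrypt_key <key-in> <key-out> <passfile>
    ( umask 077
      openssl pkey -in "$1" -aes256 -passout "file:$3" -out "$2" )
}

# Report whether a PEM private key file is passphrase-protected.
# Prints "encrypted", "unencrypted" or "not-a-key".
key_status() {  # usage: key_status <key-file>
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted          # PKCS#8 or legacy PEM encryption
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo not-a-key
    fi
}
```

With an encrypted key nginx asks for the passphrase at start; its `ssl_password_file` directive can supply it from a file instead, which removes the prompt but moves the secret into that file. With an unencrypted key, the file's permissions are the only protection, so keep it readable by the owner only.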
