From d86f73e4a3e31b4dbf45f00db30efdb2db5d6eb3 Mon Sep 17 00:00:00 2001 From: Jan-Erik Rediger Date: Thu, 8 Sep 2011 00:53:14 +0200 Subject: [PATCH] add nginx config example for ssl --- _posts/2011-09-08-running-on-ssl.markdown | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/_posts/2011-09-08-running-on-ssl.markdown b/_posts/2011-09-08-running-on-ssl.markdown index 5a4f184..a5506e2 100644 --- a/_posts/2011-09-08-running-on-ssl.markdown +++ b/_posts/2011-09-08-running-on-ssl.markdown @@ -11,6 +11,14 @@ Even though the [SSL][] and [CA][] system is totally broken right now, I finally My SSL certificate is signed by [cacert][] (they approved me at last year's FrOSCon). +If you're using nginx, all you need to do is adding the following lines to your config: + + listen 443 ssl; + ssl_certificate /path/to/your/cert.pem; + ssl_certificate_key /path/to/your/key.pem; +{:lang="text"} + + If you followed some of the latest news around the scene, you probably heard of the [diginotar debacle][diginotar]. This should make clear how broken the system is and how unsecure these SSL certificates can be with all those CAs around. For more information on the CA system and how it could be replaced by a more robust and secure infrastructure watch [SSL And The Future Of Authenticity][blackhat] by [Moxie Marlinspike][moxie] from this year's Blackhat Conference.
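Review bot: In the added sentence that introduces the nginx snippet, "all you need to do is adding" should read "all you need to do is add", and "all you need" overstates what the three directives cover. The text does not say that `listen 443 ssl;`, `ssl_certificate` and `ssl_certificate_key` belong inside the `server` block for the site, and it leaves protocol and cipher selection at the nginx defaults; I would say both explicitly, and mention that the file at `/path/to/your/key.pem` should not be world-readable. Minor: the hunk adds two blank lines after `{:lang="text"}` where one is enough to separate the paragraphs.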