How to install Comodo’s SSL certificate?

Comodo PositiveSSL is a Domain Validation (DV) SSL certificate that many users choose because it is cheap, easy to install, and does not require confirmation of any information.

In this article, I will show you how to install a PositiveSSL certificate on a server running Nginx. For Let’s Encrypt, check out this tutorial.

1. Generate certificate

After registering for SSL, you will need to generate the new certificate file.

In this step, you need to provide the private key (and the CSR); be sure to save this private key for use in the steps below. Depending on where you register the certificate, these keys may be generated automatically for you.

The format of the private key is:

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

The SSL certificate email from Comodo has the following title: “Your PositiveSSL Certificate for coupontree.co”. Attached to the email is a compressed file, coupontree_co.zip, which contains 2 files:

coupontree_co.crt
coupontree_co.ca-bundle

Using any editor (for example, Notepad++), open the file coupontree_co.crt, copy all of its content, paste it at the top of the file coupontree_co.ca-bundle, and save the result as ssl-bundle.crt.

The ssl-bundle.crt certificate file now contains the contents of both the .crt and .ca-bundle files. Note that the order matters: the .crt content must come first!
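The same merge can be done from the command line instead of an editor. This is an added example, not part of the original article: the hypothetical build_bundle function writes the domain certificate first and the CA bundle second, and inserts a line break when the .crt file does not end with one (otherwise the END and BEGIN markers fuse onto one line and the bundle fails to load). The file names follow the article; the function names are assumptions.

```shell
#!/bin/sh
# build_bundle CERT CA_BUNDLE OUT
# Hypothetical helper (not from the article): concatenates the domain
# certificate and the CA bundle in the order described above.
build_bundle() {
    cert=$1; ca=$2; out=$3
    for f in "$cert" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
            { echo "no PEM certificate in $f" >&2; return 1; }
    done
    # The bundle is sent to every client, so a private key must never be in it.
    if grep -q -- 'PRIVATE KEY-----' "$cert" "$ca"; then
        echo "private key found in certificate input" >&2; return 1
    fi
    {
        cat "$cert"
        # $(...) strips a trailing newline, so a non-empty result means
        # the .crt ends without one and a line break has to be added.
        [ -z "$(tail -c 1 "$cert")" ] || echo
        cat "$ca"
    } > "$out" || return 1
    # Reject inputs that already had two PEM markers fused on one line.
    if grep -q 'END CERTIFICATE-----.*-----BEGIN' "$out"; then
        echo "fused PEM markers in $out" >&2; return 1
    fi
    return 0
}

# Number of certificates in a PEM file (domain cert plus CA certs).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Usage with the article's file names:
#   build_bundle coupontree_co.crt coupontree_co.ca-bundle ssl-bundle.crt
```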

2. Install the SSL certificate

Create the folder containing the certificate file:

mkdir -p /etc/nginx/ssl/coupontree_co/

Save the certificate file content in this folder by copying and pasting it with nano:

nano /etc/nginx/ssl/coupontree_co/ssl-bundle.crt

Save the private key content in the same folder:

nano /etc/nginx/ssl/coupontree_co/private.key

Create a 2048-bit DH parameter file; the generation process will take a long time:

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048

Next, we will edit the Nginx configuration file. For example, if your domain name is “coupontree.co”, the configuration file will have a path of /etc/nginx/conf.d/coupontree.co.conf.

Open the configuration file with nano:

nano /etc/nginx/conf.d/coupontree.co.conf

SSL configuration for handling requests

In the second server {…} block, adjust the following:

+ Change listen 80 default_server; to listen 443 ssl http2;

+ After the line server_name coupontree.co; add the optimized SSL configuration snippet:

# SSL
        ssl_certificate /etc/nginx/ssl/coupontree_co/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/coupontree_co/private.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

        # Improve HTTPS performance with session resumption
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
      
        # DH parameters
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        # Enable HSTS
        add_header Strict-Transport-Security "max-age=31536000" always;

Redirect all www http to https

In the server {…} block at the top:

+ Change server_name www.coupontree.co; to server_name coupontree.co www.coupontree.co;

+ Change rewrite ^(.*) http://coupontree.co$1 permanent; to rewrite ^(.*) https://coupontree.co$1 permanent;

The results are as follows:

server {
	listen   80;
	server_name coupontree.co www.coupontree.co;
	rewrite ^(.*) https://coupontree.co$1 permanent;
}

Now, visiting http://coupontree.co or http://www.coupontree.co will automatically redirect to https://coupontree.co

Redirect all www https to https

Add a new server { … } block at the top:

server {
	listen   443 ssl http2;
	server_name www.coupontree.co;

	# SSL
        ssl_certificate /etc/nginx/ssl/coupontree_co/ssl-bundle.crt;
        ssl_certificate_key /etc/nginx/ssl/coupontree_co/private.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	rewrite ^(.*) https://coupontree.co$1 permanent;
}

Now, visiting https://www.coupontree.co will automatically redirect to https://coupontree.co

Check Nginx configuration

nginx -t

Restart Nginx

service nginx restart
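nginx -t validates syntax only; it says nothing about protocol or cipher strength. As an added example (not part of the original article), the hypothetical audit_tls_conf function below scans a configuration file for settings used in the snippets above that are now deprecated: TLSv1 and TLSv1.1 (RFC 8996) and the 3DES (DES-CBC3) suites. It goes slightly beyond the article by also flagging SSLv2/SSLv3 and RC4, MD5, NULL and EXPORT suites.

```shell
#!/bin/sh
# audit_tls_conf FILE
# Hypothetical helper (not from the article). Prints one finding per line
# as "line:directive:issue" and returns 1 if anything was found.
audit_tls_conf() {
    awk '
    # Drop comments so commented-out directives are ignored.
    { sub(/#.*/, "") }

    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            v = $i; sub(/;$/, "", v)
            if (v == "SSLv2" || v == "SSLv3" || v == "TLSv1" || v == "TLSv1.1") {
                printf "%d:ssl_protocols:deprecated protocol %s\n", NR, v
                bad = 1
            }
        }
    }

    $1 == "ssl_ciphers" {
        line = $0
        sub(/^[ \t]*ssl_ciphers[ \t]+/, "", line)
        # Keep only characters valid in an OpenSSL cipher string
        # (this removes the quotes and the trailing semicolon).
        gsub(/[^A-Za-z0-9:!+@_.-]/, "", line)
        n = split(line, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^!/) continue      # exclusions such as !DSS
            if (c[i] ~ /(DES|RC4|MD5|NULL|EXP)/) {
                printf "%d:ssl_ciphers:weak suite %s\n", NR, c[i]
                bad = 1
            }
        }
    }

    END { exit bad + 0 }
    ' "$1"
}

# Usage with the article's path:
#   audit_tls_conf /etc/nginx/conf.d/coupontree.co.conf
```

Run against the configuration above, it reports TLSv1, TLSv1.1 and the four DES-CBC3 suites in each server block; removing those entries leaves TLSv1.2 and the AES/CHACHA20 suites in place.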

If you use WordPress, install the Really Simple SSL plugin to automatically redirect http to https and switch all .css and .js links to https.

If you do not want to use the Really Simple SSL plugin, please refer to the Let’s Encrypt Installation Guide in cPanel for instructions on how to do it manually.

Now visit the domain to enjoy the results. Good luck.
