You are here: Supporting Documents > Reference Topics > How To Setup, Deploy, and Create in the Stratus Cloud > Setting up Recommended Certification Distribution

Setting up Recommended Certification Distribution

Use the following procedure to set up your recommended certification distribution.

To set up the recommended certification distribution:

Edit the Nginx virtual hosts file (/etc/nginx/conf.d/orchestrator.conf) for the website you are securing. If your site must be accessible through both secure (https) and non-secure (http) connections, a server module for each type of connection is required.
- ssl_certificate is the primary certificate combined with the intermediate certificate that you made in a previous step; for example, your_domain_name.crt: /etc/ssl/certs/stratus-orchestrator.crt
- ssl_certificate_key is the key file generated when you created the CSR: /etc/ssl/private/stratus-orchestrator.key
- Make a copy of the existing non-secure server module, and paste it below the original.
- Then add the lines in red below:
  server {
  listen 443;
  ssl on;
  ssl_certificate /etc/ssl/certs/stratus-orchestrator.crt;
  ssl_certificate_key /etc/ssl/private/stratus-orchestrator.key;
  server_name your.domain.com;
  access_log /var/log/nginx/nginx.vhost.access.log;
  error_log /var/log/nginx/nginx.vhost.error.log;
  location / {
  root /home/www/public_html/your.domain.com/public/;
  index index.html;
  }
  }
Restart Nginx using the following command:

sudo /etc/init.d/nginx restart

Troubleshooting

Open a web browser and visit your site using https. Stratus recommends testing with both Internet Explorer and Firefox, because Firefox generates a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors.

If you immediately receive a browser message about the site not being available, then Nginx may not yet be listening on port 443.
If your web request takes a very long time followed by a time out, this could be due to a firewall blocking traffic on TCP port 443 to the web server.
If you receive a Not Trusted warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid To fields.
If the certificate is issued by DigiCert, then your primary certificate (your_domain_name.crt) may not be correctly combined with the intermediate certificate.

References

For additional information, refer to:

https://www.digicert.com/ssl-certificate-installation-nginx.htm

http://wiki.nginx.org/NginxHttpSslModule

Product Support and Downloads Web: http://www.stratus.com/services-support/downloads Phone: (US Toll-Free) 866-763-1813 Phone: (International) 602-852-3094	About Stratus U.S. Operations 111 Powdermill Road Maynard, MA 01754-3409 978-461-7000 Worldwide Office Locations
Product Documentation (PDF Format) Stratus Cloud Solution Administrator's Guide Stratus Cloud Solution Installation Guide	About Help Help created at 12:06 PM on 5/8/2015.