Using Namecheap SSL with Nginx

I used to use Godaddy and Startcom SSL. Now I just use Namecheap's Comodo PositiveSSL. It's inexpensive - $9/per year, and the installation is pretty straight-forward.
Here are the steps:

1, Buy Comodo PositiveSSl from Namecheap

2, Create domain private key and certificate signing request.
Let's suppose your domain name is example.com
#Must do these as root.
openssl genrsa -des3 -out example.com.key 2048
#you will be prompted to enter password
openssl rsa -in example.com.key -out example.com.key.nopass
#you will be prompted to enter password you created in last step
openssl req -new -key example.com.key.nopass -out example.com.csr
#you will be prompted to enter country code (US), State name, City name, Organization name etc. The most important one is "Common Name", it must be the same as your domain name. For those optional item (ones marked as []", just press enter. Don't enter "A challenge password"

The reason we use example.com.key.nopass instead of example.com.key to generated the signing request is that so we don't need to enter a password everytime you start/restart nginx.

3, Login to Namecheap/Your SSL certificate, click "Activate". You will be asked to select the server type. Just select the first one - Apache/OpenSSL (even though we are using Nginx). You then are asked to paste the certificate signing request (CSR). On your server, do a "cat example.com.csr", and copy and paste the everything (including "----BEGIN..." and "----END...") to the Namecheap web page's text-area. click submit. You will then be asked enter additional information, enter them.

4, You will receive a email from Comodo asking you to open a link and paste some code that's provided in the mail. Do that.

5, After some time (30 minutes to a few hours), you will get your certificate in email. Download the zip file. It contains 3 files: example_com.crt, PositiveSSLCA2.crt, AddTrustExternalCARoot.crt. You need to concatenate them into a single file:
cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > example.com.crt

6, Configure Nginx.
Copy the files example.com.key.nopass and example.com.crt to a certian place, for example /usr/local/etc/nginx/ssl/. In Nginx conf file, point to them:

ssl on;
ssl_certificate /usr/local/etc/nginx/ssl/example.com.crt;
ssl_certificate_key /usr/local/etc/nginx/ssl/example.com.key.nopass;

After that you're done.


old homepage

Just found out the old homepage I had at UTEP still exists in archive.org.
Here're 2 awesome animated gif I pulled from there. Hard to believe I made them in 1997, 15 years ago!
The first one run animation 2 times then stop. The 2nd has a transparent background. I don't even know how to make them today without googling around.