I was thinking about allowing access to my website using SPDY protocol for better performance and security (and for fun of course 😃 ). But SPDY have one disadvantage - you need SSL certificate signed by known authority that will verfiy in common browsers. So you can’t use self signed certificates because everyone will see a warning entering your site. Certs are quite expensive so I started searching for free one and to my surprise I found such!
I found these two sites where you can generate freeware certificates for your website:
I wouldn’t trust these certification authorities enough to use it for: access my mail or other private data. But I’m fine with using it for my public websites (like my blog) to gain speed from SPDY.
Fetch the Root CA and Class 1 Intermediate Server CA certificates:
Create a unified certificate from your certificate and the CA certificates:
cat ssl.crt sub.class1.server.ca.pem ca.pem > /etc/nginx/conf/ssl-unified.crt
Configure your nginx server to use the new key and certificate (in the global settings or a server section):
Then enable SPDY like that:
listen your_id:443 default_server ssl spdy;
# other stuff
Advertise SPDY protocol
Now advertise SPDY with Alternate-Protocol header - add this clause in main location:
add_header Alternate-Protocol "443:npn-spdy/2";
Have fun with SPDY on your site 😄