Nginx – enabling SPDY with freeware certificate

I was thinking about allowing access to my website using SPDY protocol for better performance and security (and for fun of course πŸ™‚ ). But SPDY have one disadvantage – you need SSL certificate signed by known authority that will verfiy in common browsers. So you can’t use self signed certificates because everyone will see a warning entering your site. Certs are quite expensive so I started searching for free one and to my surprise I found such!

I found these two sites where you can generate freeware certificates for your website:

I wouldn’t trust these certification authorities enough to use it for: access my mail or other private data. But I’m fine with using it for my public websites (like my blog) to gain speed from SPDY.

Configuring cert

Fetch the Root CA and Class 1 Intermediate Server CA certificates:


Create a unified certificate from your certificate and the CA certificates:

cat ssl.crt ca.pem > /etc/nginx/conf/ssl-unified.crt

Enable SPDY

Configure your nginx server to use the new key and certificate (in the global settings or a server section):

ssl on;
ssl_certificate /etc/nginx/conf/ssl-unified.crt;
ssl_certificate_key /etc/nginx/conf/ssl.key;

Then enable SPDY like that:

server {
listen your_ip:80;
listen your_id:443 default_server ssl spdy;

# other stuff

Advertise SPDY protocol

Now advertise SPDY with Alternate-Protocol header – add this clause in main location:

add_header Alternate-Protocol "443:npn-spdy/2";

Have fun with SPDY on your site πŸ™‚

7 thoughts on “Nginx – enabling SPDY with freeware certificate”

  1. Unfortunately, it doesn’t work… because browsers remove support for spdy2 (Chrome no longer, Firefox will stop in v28).
    Solution: use spdy3… but we must use nginx 1.5.10 or newer from mainline.

    1. I missed out this issue…
      I’m using nginx packages from dotdeb and for now there is no 1.5.x version. But I saw recently that Nginx serves own repos with current version for popular distros here: I’m planning this switch but have no time lately. You could try it and let me know if it works for you πŸ˜‰

  2. I also use dotdeb now and I’m also planning switch to official.
    Here is the disadvantage that it (official repo) doesn’t offer as much modules as dotdeb (example: lack of pagespeed module).

    I will try and inform about this πŸ™‚

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.