Steps for Quick NGINX SSL installation on NGINX HTTP Server
Initial Instruction: For successful installation of NGINX SSL Certificate into NGINX HTTP server, *.PEM formatted root & intermediate certificates are required. Click here To convert SSL into *.PEM format, If SSL in *.PEM format then moves on to next step.
Step 1: Gathering All certificate file into one file
The process of gathering all SSL certificate files into one file may vary based on types of Certificate. There are lots of ways to gather Certificate files.
(1) Using Individual Certificate Files
If you having individual certificate files then use of CAT commands will let you gather all SSL Files.
Apply following syntax format “cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt”.
For Example:
Syntax: cat domainname.crt ComodoSecureServerCA.crt ExternalCARoot.crt > ssl-bundle.crt
(2) Using .crt & .ca-bundle certificate files
If you having .CRT and .ca-bundle certificate files the cat syntax format is
Syntax: cat Device/Entity Cert Bundle
For Example:
Syntax: cat domainname.crt domainname.ca-bundle > ssl-bundle.crt
(3) Using GUI Text Editor
(i) To gather certificate files into single file first open domainname.crt and domainname.ca-bundle files using any text editor.
(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.
(iii) Now save the file name as ‘ssl-bundle.crt’.
Note: We have added the Certificate names for illustration purpose. You don’t need to follow with the same names. So while installation you must use the certificate file names allotted to you.
| Certificate File Name | Details |
|---|---|
| Domainname.crt | Certificate File name |
| ComodoSecureServerCA.crt | Intermediate Certificate File Name |
| ExternalCARoot.crt | Root Certificate File Name |
| SSL-bundle.crt | SSL Bundles |
Once you gather all certificate files into one file the very next step is Configuration of NGINX virtual host.
Step 2: Configuration of NGINX Virtual Host
(1) Move ‘ssl-bundle.crt’ into the server location where you have put your SSL Certificate files (E.G /etc/SSL/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)
(2) Find your domain’s configuration file in the following location to modify it, If the configuration file is not available then you need to create a new one.
- /etc/nginx/sites-available/
- /user/local/nginx/sites-available/
(3) Please set following options on the configuration file
- Turn SSL on
- ssl on;
- In SSL port set is as ‘Listen’, make sure your SSL port is 443
- listen 443;
- For the new created SSL-bundle.crt file’s location set it as ‘ssl_certificate’
- SSL certificate /etc/ssl/certs/ssl-bundle.crt;
- For the location of the private key set it as ‘ssl_certificate_key’
- ssl_certificate_key /etc/ssl/private/mysite.key;
- After configuration of NGINX Virtual host file it will be look something like this
server
{
listen 443;
server_name domainname.com;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_prefer_server_ciphers on;
}
Here, ssl_certificate will be the location of your SSL.bundle.crt file and ssl_certiifcate_key will be the location of your key file that you have created while CSR generation process.
Restart your NGINX Server using following command
sudo /etc/init.d/nginx restart
Finally, your SSL Certificate is installed on your NGINX HTTP Server.
Useful Resources
Before Installing the SSL
NGINX only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.
