Install SSL Certificate on NGINX HTTP Server

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Steps for Quick SSL installation on NGINX HTTP Server

Initial Instruction: For successful installation of SSL Certificate into NGINX HTTP server, *.PEM formatted root & intermediate certificates are required. Click here To convert SSL into *.PEM format, If SSL in *.PEM format then moves on to next step.

NGINX SSL Installation

Step 1: Gathering All certificate file into one file

The process of gathering all SSL certificate files into one file may vary based on types of Certificate. There are lots of ways to gather Certificate files.

(1) Using Individual Certificate Files

If you having individual certificate files then use of CAT commands will let you gather all SSL Files.

Apply following syntax format “cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt”.

For Example:

Syntax: cat domainname.crt ComodoSecureServerCA.crt ExternalCARoot.crt > ssl-bundle.crt

(2) Using .crt & .ca-bundle certificate files

If you having .CRT and .ca-bundle certificate files the cat syntax format is

Syntax: cat Device/Entity Cert Bundle

For Example:

Syntax: cat domainname.crt > ssl-bundle.crt

(3) Using GUI Text Editor

(i) To gather certificate files into single file first open domainname.crt and files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of file.

(iii) Now save the file name as ‘ssl-bundle.crt’.

Note: We have added the Certificate names for illustration purpose. You don’t need to follow with the same names. So while installation you must use the certificate file names allotted to you.

Certificate File Name Details
Domainname.crt Certificate File name
ComodoSecureServerCA.crt Intermediate Certificate File Name
ExternalCARoot.crt Root Certificate File Name
SSL-bundle.crt SSL Bundles

Once you gather all certificate files into one file the very next step is Configuration of NGINX virtual host.

Step 2: Configuration of NGINX Virtual Host

(1) Move ‘ssl-bundle.crt’ into the server location where you have put your SSL Certificate files (E.G /etc/SSL/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)

(2) Find your domain’s configuration file in the following location to modify it, If the configuration file is not available then you need to create a new one.

  • /etc/nginx/sites-available/
  • /user/local/nginx/sites-available/

(3) Please set following options on the configuration file

Turn SSL on

ssl on;

In SSL port set is as ‘Listen’, make sure your SSL port is 443

listen 443;

For the new created SSL-bundle.crt file’s location set it as ‘ssl_certificate’

SSL certificate /etc/ssl/certs/ssl-bundle.crt;

For the location of the private key set it as ‘ssl_certificate_key

ssl_certificate_key /etc/ssl/private/mysite.key;

After configuration of NGINX Virtual host file it will be look something like this

server{listen 443;server_name;ssl on;ssl_certificate /etc/ssl/certs/ssl-bundle.crt;ssl_certificate_key /etc/ssl/private/domainname.key;ssl_prefer_server_ciphers on;}

Here, ssl_certificate will be the location of your SSL.bundle.crt file and ssl_certiifcate_key will be the location of your key file that you have created while CSR generation process.

Restart your NGINX Server using following command

sudo /etc/init.d/nginx restart

Finally, your SSL Certificate is installed on your NGINX HTTP Server.

Useful Resources

  1. Generate CSR
  2. NGINX Support Center
  3. SSL Installation Checker


Before Installing the SSL

green pad lockNGINX only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.

How to Install an SSL Certificate on SonicWall SSL VPN
Install SSL Certificate on Tomcat Web Server
This entry was posted in SSL Installation Guides by Mit Gajjar. Bookmark the permalink.

About Mit Gajjar

I have been working as SSL security expert for 6 years and i have assisted to plenty of users to solve their technical issues while installation of SSL certificates on their web servers. It’s really great experience working with Platinum Partner Company CheapSSLSecurity to offer the most reliable SSL certificate security solution on the internet. Being Platinum Partner Company of Symantec, GeoTrust Thawte, Comodo, and RapidSSL, CheapSSLSecurity offers the cheapest SSL certificates security on the internet which starts at just only $3.20/yr.