Steps for Quick NGINX SSL installation on NGINX HTTP Server

Initial Instruction: For successful installation of NGINX SSL Certificate into NGINX HTTP server, *.PEM formatted root & intermediate certificates are required. Click here To convert SSL into *.PEM format, If SSL in *.PEM format then moves on to next step.

NGINX SSL Installation

Step 1: Gathering All certificate file into one file

The process of gathering all SSL certificate files into one file may vary based on types of Certificate. There are lots of ways to gather Certificate files.

(1) Using Individual Certificate Files

If you having individual certificate files then use of CAT commands will let you gather all SSL Files.

Apply following syntax format “cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt”.

For Example:

Syntax: cat domainname.crt ComodoSecureServerCA.crt ExternalCARoot.crt > ssl-bundle.crt

(2) Using .crt & .ca-bundle certificate files

If you having .CRT and .ca-bundle certificate files the cat syntax format is

Syntax: cat Device/Entity Cert Bundle

For Example:

Syntax: cat domainname.crt > ssl-bundle.crt

(3) Using GUI Text Editor

(i) To gather certificate files into single file first open domainname.crt and files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of file.

(iii) Now save the file name as ‘ssl-bundle.crt’.

Note: We have added the Certificate names for illustration purpose. You don’t need to follow with the same names. So while installation you must use the certificate file names allotted to you.

Certificate File Name Details
Domainname.crt Certificate File name
ComodoSecureServerCA.crt Intermediate Certificate File Name
ExternalCARoot.crt Root Certificate File Name
SSL-bundle.crt SSL Bundles

Once you gather all certificate files into one file the very next step is Configuration of NGINX virtual host.

Step 2: Configuration of NGINX Virtual Host

(1) Move ‘ssl-bundle.crt’ into the server location where you have put your SSL Certificate files (E.G /etc/SSL/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)

(2) Find your domain’s configuration file in the following location to modify it, If the configuration file is not available then you need to create a new one.

  • /etc/nginx/sites-available/
  • /user/local/nginx/sites-available/

(3) Please set following options on the configuration file

  • Turn SSL on
  • ssl on;
  • In SSL port set is as ‘Listen’, make sure your SSL port is 443
  • listen 443;
  • For the new created SSL-bundle.crt file’s location set it as ‘ssl_certificate’
  • SSL certificate /etc/ssl/certs/ssl-bundle.crt;
  • For the location of the private key set it as ‘ssl_certificate_key
  • ssl_certificate_key /etc/ssl/private/mysite.key;
  • After configuration of NGINX Virtual host file it will be look something like this
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_prefer_server_ciphers on;

Here, ssl_certificate will be the location of your SSL.bundle.crt file and ssl_certiifcate_key will be the location of your key file that you have created while CSR generation process.

Restart your NGINX Server using following command

sudo /etc/init.d/nginx restart

Finally, your SSL Certificate is installed on your NGINX HTTP Server.

Useful Resources

  1. Generate CSR
  2. NGINX Support Center
  3. SSL Installation Checker

Before Installing the SSL

green pad lock

NGINX only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.

Top NGINX SSL Certificates of 2023

Comodo LogoComodo LogoRapidSSL LogoGeotrust Logo
FeaturesComodo PositiveSSL WildcardComodo Essential SSL WildcardRapidSSL WildcardGeoTrust Wildcard
Price for 1 year$67.95$82.95$89.00$349.73
Price for 2 years$57.95/yr$72.58/yr$77.88/yr$332.25/yr
Price for 3 years$56.95/yr$69.13/yr$74.17/yr$326.42/yr
Price for 4 years$54.95/yr$67.40/yrN/AN/A
Price for 5 years$52.95/yr$65.03/yrN/AN/A
Domains securedUnlimited sub domains on a Same Domain NameUnlimited sub domains on a Same Domain NameUnlimited sub domains on a Same Domain NameUnlimited sub domains on a Same Domain Name
Issuance speedMinutesMinutesMinutes1-3 Days
Validation requiredDomain ValidationDomain ValidationDomain ValidationBusiness and Domain Validation
Notification level in browsersDomain Name Shown On Certificate OnlyDomain Name Shown On Certificate OnlyDomain Name Shown On Certificate OnlyDomain Name and Business Name Shown On Certificate
Encryption strengthUp to 256-bitUp to 256-bitUp to 256 BitUp to 256 Bit
Browser compatibility99%99%99%99%
Includes site sealComodo Site SealComodo Site SealRapid Site SealGeoTrust Site Seal
Number of free reissues allowedUnlimited ReissuesUnlimited ReissuesUnlimited ReissuesFREE self-service reissues during validity period
Server licenseUnlimited ServerUnlimited ServerUnlimited ServerUnlimited Server
Support optionsYesYesYesYes
Green address barNoNoNoNO
Refund policy15 Days15 Days15 Days15 Days
Buy NowBuy NowBuy NowBuy Now

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.