Steps for Quick NGINX SSL installation on NGINX HTTP Server

Initial Instruction: For successful installation of NGINX SSL Certificate into NGINX HTTP server, *.PEM formatted root & intermediate certificates are required. Click here To convert SSL into *.PEM format, If SSL in *.PEM format then moves on to next step.

NGINX SSL Installation

Step 1: Gathering All certificate file into one file

The process of gathering all SSL certificate files into one file may vary based on types of Certificate. There are lots of ways to gather Certificate files.

(1) Using Individual Certificate Files

If you having individual certificate files then use of CAT commands will let you gather all SSL Files.

Apply following syntax format “cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt”.

For Example:

Syntax: cat domainname.crt ComodoSecureServerCA.crt ExternalCARoot.crt > ssl-bundle.crt

(2) Using .crt & .ca-bundle certificate files

If you having .CRT and .ca-bundle certificate files the cat syntax format is

Syntax: cat Device/Entity Cert Bundle

For Example:

Syntax: cat domainname.crt > ssl-bundle.crt

(3) Using GUI Text Editor

(i) To gather certificate files into single file first open domainname.crt and files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of file.

(iii) Now save the file name as ‘ssl-bundle.crt’.

Note: We have added the Certificate names for illustration purpose. You don’t need to follow with the same names. So while installation you must use the certificate file names allotted to you.

Certificate File Name Details
Domainname.crt Certificate File name
ComodoSecureServerCA.crt Intermediate Certificate File Name
ExternalCARoot.crt Root Certificate File Name
SSL-bundle.crt SSL Bundles

Once you gather all certificate files into one file the very next step is Configuration of NGINX virtual host.

Step 2: Configuration of NGINX Virtual Host

(1) Move ‘ssl-bundle.crt’ into the server location where you have put your SSL Certificate files (E.G /etc/SSL/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)

(2) Find your domain’s configuration file in the following location to modify it, If the configuration file is not available then you need to create a new one.

  • /etc/nginx/sites-available/
  • /user/local/nginx/sites-available/

(3) Please set following options on the configuration file

  • Turn SSL on
  • ssl on;
  • In SSL port set is as ‘Listen’, make sure your SSL port is 443
  • listen 443;
  • For the new created SSL-bundle.crt file’s location set it as ‘ssl_certificate’
  • SSL certificate /etc/ssl/certs/ssl-bundle.crt;
  • For the location of the private key set it as ‘ssl_certificate_key
  • ssl_certificate_key /etc/ssl/private/mysite.key;
  • After configuration of NGINX Virtual host file it will be look something like this
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_prefer_server_ciphers on;

Here, ssl_certificate will be the location of your SSL.bundle.crt file and ssl_certiifcate_key will be the location of your key file that you have created while CSR generation process.

Restart your NGINX Server using following command

sudo /etc/init.d/nginx restart

Finally, your SSL Certificate is installed on your NGINX HTTP Server.

Useful Resources

  1. Generate CSR
  2. NGINX Support Center
  3. SSL Installation Checker


Before Installing the SSL

green pad lockNGINX only accepts SSL Certificate from a genuine and trusted SSL Certificate Authority. Buy trusted SSL Certificate from at a cheap price with heavy discount rates.

Top NGINX SSL Certificates of 2020

Comodo Logo Comodo Logo RapidSSL Logo Geotrust Logo
Features Comodo PositiveSSL Wildcard Comodo Essential SSL Wildcard RapidSSL Wildcard GeoTrust Wildcard
Price for 1 year $67.95 $82.95 $89.00 $325.00
Price for 2 years $57.95/yr $72.58/yr $77.88/yr $284.00/yr
Price for 3 years $56.95/yr $69.13/yr $74.17/yr $270.83/yr
Price for 4 years $54.95/yr $67.40/yr $72.31/yr $264.06/yr
Price for 5 years $52.95/yr $65.03/yr N/A N/A
Domains secured Unlimited sub domains on a Same Domain Name Unlimited sub domains on a Same Domain Name Unlimited sub domains on a Same Domain Name Unlimited sub domains on a Same Domain Name
Issuance speed Minutes Minutes Minutes 1-3 Days
Validation required Domain Validation Domain Validation Domain Validation Business and Domain Validation
Notification level in browsers Domain Name Shown On Certificate Only Domain Name Shown On Certificate Only Domain Name Shown On Certificate Only Domain Name and Business Name Shown On Certificate
Encryption strength Up to 256-bit Up to 256-bit Up to 256 Bit Up to 256 Bit
Browser compatibility 99% 99% 99% 99%
Includes site seal Comodo Site Seal Comodo Site Seal Rapid Site Seal GeoTrust Site Seal
Number of free reissues allowed Unlimited Reissues Unlimited Reissues Unlimited Reissues FREE self-service reissues during validity period
Server license Unlimited Server Unlimited Server Unlimited Server Unlimited Server
Support options Yes Yes Yes Yes
Warranty $10,000 $10,000 $10,000 $1,250,000
Green address bar No No No NO
Refund policy 15 Days 15 Days 15 Days 15 Days
Read More Read More Read More Read More


Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.