SSL technology carries traffic securely between the server and the client, without the worry that the messages will be intercepted and read by a third party. The certificate system also helps users verify the identity of the sites they are connecting to.
We have to follow 3 basic steps to install and configure SSL on an Nginx server.
1. Creating your CSR with OpenSSL
Log in to your server via your terminal client (ssh).
Run the command below:
#openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generated files
Private-Key File: This is used to generate the CSR and later to secure and verify connections using the certificate.
Certificate Signing Request (CSR) file: Used to order your SSL certificate. It carries the public key, which encrypts messages that only the matching private key can decrypt.
When prompted for the Common Name (domain name), type the fully qualified domain name (FQDN) for the site that you will secure.
Note: If you’re generating an Nginx CSR for a Wildcard certificate, make sure your common name starts with an asterisk (e.g., *.example.com). When prompted, type your organizational information, beginning with your geographic information.
Order your SSL/TLS certificate using the generated CSR.
Save the private key: back up the generated .key file. You’ll need it later when installing your SSL certificate.
2. Nginx: Installing & Configuring Your SSL Certificate
Primary and intermediate certificates
You should have received a your_domain_name.pem file from the certificate authority. This .pem file contains both your primary certificate and the intermediate certificate. Copy it to your server once you have it.
or
Make sure you have the intermediate certificate (intermediate_your_domain_name.crt) and your primary certificate (your_domain_name.crt) files from your SSL provider. Copy these files, along with the .key file you generated when creating the CSR, to the directory with SSL certificates on your server.
Note: Make them readable by root only to increase security.
Concatenate the primary and intermediate certificates
You need to concatenate your primary certificate file (your_domain_name.crt) and the intermediate certificate file (intermediate_your_domain_name.crt) into a single PEM-format file. The primary certificate must come first.
To concatenate the files, run the following command:
#cat your_domain_name.crt intermediate_your_domain_name.crt > bundle.crt
Place the concatenated file into the directory with SSL certificates on your Nginx server.
3. Edit the Nginx virtual hosts file
Once the certificate is uploaded, modify the Nginx configuration file (by default it is called nginx.conf) and edit or add the virtual host for port 443 for your website.
If there is no virtual host for port 443, you can copy the entry for port 80 (it should be in the configuration file by default) and change port 80 to port 443.
The completed virtual host should look something like this:
server {
    # "listen 443 ssl;" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    # Combined primary + intermediate certificate (your_domain_name.pem or bundle.crt)
    ssl_certificate /etc/ssl/your_domain_name.pem;
    # Private key generated together with the CSR
    ssl_certificate_key /etc/ssl/your_domain_name.key;
    server_name your.domain.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        root /home/www/public_html/your.domain.com/public/;
        index index.html;
    }
}
ssl_certificate should point to the location of the concatenated certificate file. ssl_certificate_key should point to the location of the private key that was generated alongside the CSR.
Finally, restart Nginx to apply the new settings using the command below.
#service nginx restart
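A private key that does not match the first certificate in the bundle makes Nginx reject the configuration, so it is worth checking the files before the restart. The script below is an added example, not part of the original article: the function names are hypothetical, and the sample files are constructed (self-signed certificates standing in for the CA-issued ones).

```shell
# Added example. Function names are hypothetical; file names follow the page.

# SHA-256 fingerprint of the public key in a cert, CSR or private key.
# For a bundle, openssl x509 reads only the first certificate in the file.
pubkey_hash() {
    case "$1" in
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the first certificate in the bundle belongs to the private key.
# Nginx takes the first certificate in the ssl_certificate file as the server
# certificate, so a bundle concatenated intermediate-first fails this check.
bundle_matches_key() {
    c=$(pubkey_hash cert "$1") || return 1
    k=$(pubkey_hash key "$2") || return 1
    [ "$c" = "$k" ]
}

# True when the key file grants nothing to group or other (for example 0600).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: self-signed certs stand in for the CA-issued ones.
make_sample() {
    ( cd "$1" && umask 077 &&
      openssl req -new -newkey rsa:2048 -nodes -keyout server.key \
          -out server.csr -subj "/CN=your.domain.com" 2>/dev/null &&
      openssl x509 -req -in server.csr -signkey server.key -days 1 \
          -out your_domain_name.crt 2>/dev/null &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -days 1 \
          -out intermediate_your_domain_name.crt -subj "/CN=Sample CA" 2>/dev/null &&
      cat your_domain_name.crt intermediate_your_domain_name.crt > bundle.crt &&
      cat intermediate_your_domain_name.crt your_domain_name.crt > wrong_order.crt )
}

# "sh check.sh demo" runs the checks against throwaway sample files.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample "$d" || exit 1
    bundle_matches_key "$d/bundle.crt" "$d/server.key" && echo "bundle.crt: OK"
    bundle_matches_key "$d/wrong_order.crt" "$d/server.key" || echo "wrong_order.crt: mismatch"
    rm -rf "$d"
fi
```

On a real server, call bundle_matches_key with the bundle.crt and server.key from the steps above, and run nginx -t before the restart.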