How to install an SSL certificate on an Nginx web server/proxy?

Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. This quick guide explains how to install an SSL certificate on NGINX and offers useful recommendations on where to buy an SSL certificate for an NGINX server.

Step 1: Generate a CSR (refer to another tutorial for that) and get a certificate.

To complete the SSL installation, you will need the following certificate files:

  • Your primary certificate (.crt file)
  • The root and intermediate certificates (.ca-bundle file)
  • The private key that was generated when you created the CSR

Once you have them, continue with the steps below to install SSL on Nginx.

Step 1: Combine all the certificates

First, you need to combine all the certificates issued for your domain into a single file. You can do this manually using the copy-paste function and a text editor, or automatically via specific commands.

If you decide to do it manually, the order of the SSL certificates is important. Please use the following sequence:

  1. Your primary certificate for your domain name
  2. Intermediate certificates
  3. Root certificate

To combine the certificates automatically, run the following commands.

If you have separate intermediate and root files, run the command below from the Linux terminal (if you don't want to use the terminal, you can use any text editor to combine the content of all the files into a new one):

cat your_domain.crt intermediate.crt root.crt > ssl-bundle.crt

If your intermediate and root certificates are inside a single file with the .ca-bundle extension, run:

cat example_com.crt bundle.crt > ssl-bundle.crt

Note: Don't forget to replace the file names above with your actual certificate file names.

Save the new, combined file in the SSL directory of your NGINX server.
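The combining step above, as an added shell example that is not part of the original guide: it writes the bundle in the order given, rejects inputs that are not well-formed PEM, guarantees a line break between certificates (a missing final newline in one file otherwise fuses two markers onto one line), and overwrites the output instead of appending to it. `build_bundle` and `count_marker` are hypothetical helper names, and the file names are placeholders.

```bash
#!/bin/sh
# Added example: build_bundle is a hypothetical helper, not part of NGINX.
# Usage: sh build_bundle.sh ssl-bundle.crt your_domain.crt intermediate.crt root.crt

# Print how many lines of FILE start with "-----WORD CERTIFICATE-----".
count_marker() {
    awk -v m="-----$2 CERTIFICATE-----" 'index($0, m) == 1 { n++ } END { print n + 0 }' "$1"
}

# build_bundle OUT CERT... : concatenate CERT files into OUT in the order given.
build_bundle() {
    [ "$#" -ge 2 ] || { echo "usage: build_bundle OUT CERT..." >&2; return 2; }
    out=$1
    shift
    tmp="$out.tmp.$$"
    total=0
    : > "$tmp" || return 1
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; rm -f "$tmp"; return 1; }
        b=$(count_marker "$f" BEGIN)
        e=$(count_marker "$f" END)
        # Each input needs at least one certificate, with BEGIN/END paired.
        # A file whose END and BEGIN markers share a line fails this check.
        if [ "$b" -lt 1 ] || [ "$b" -ne "$e" ]; then
            echo "not a well-formed PEM certificate file: $f" >&2
            rm -f "$tmp"
            return 1
        fi
        total=$((total + b))
        # Drop CRs and blank lines; awk newline-terminates the last line, so
        # "-----END CERTIFICATE-----" never fuses with the next BEGIN marker.
        tr -d '\r' < "$f" | awk 'NF' >> "$tmp"
    done
    # The bundle must contain exactly the certificates that went in.
    if [ "$(count_marker "$tmp" BEGIN)" -ne "$total" ]; then
        echo "bundle marker count mismatch" >&2
        rm -f "$tmp"
        return 1
    fi
    # Replace OUT in one step, so re-running never leaves duplicate certificates.
    mv "$tmp" "$out"
}

# Run only when file names are passed on the command line.
[ "$#" -eq 0 ] || build_bundle "$@"
```

After updating nginx.conf in the next step, `sudo nginx -t` checks that NGINX can load the bundle and key before you restart.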

Step 2: Edit the NGINX configuration file

Next, edit the NGINX configuration file (nginx.conf). You need to add or edit the virtual host (server block) for port 443 for your website. If your configuration file doesn't have a virtual host for port 443, duplicate the server block for port 80 and change port 80 to port 443.

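You will also need to include the following directives in the virtual host record:

  • ssl: enabled with the ssl parameter of the listen directive (listen 443 ssl;). The standalone "ssl on;" directive is deprecated since nginx 1.15.0 and was removed in 1.25.1.
  • ssl_certificate: pointing to the path of your combined SSL file
  • ssl_certificate_key: pointing to the path of your private key file generated along with the CSR

The final version of your configuration file should look like the example below:

server {
    # Enable TLS on port 443 (replaces the old "ssl on;" directive)
    listen 443 ssl;
    # Combined file: domain certificate, then intermediates, then root
    ssl_certificate /etc/ssl/ssl-bundle.crt;
    # Private key generated along with the CSR
    ssl_certificate_key /etc/ssl/usessl.key;
    server_name usessl.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
        root /var/www/;
        index index.html;
    }
}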

Step 3: Restart your NGINX

Save your changes and restart your NGINX server with:

sudo /etc/init.d/nginx restart

or

sudo systemctl restart nginx

Congratulations! You have successfully installed your SSL certificate on the NGINX server. You can now check the status of your SSL installation using any SSL checking tool.