How to Install SSL Certificate on NGINX

Steps to Install SSL Certificate on NGINX

 Initial Checklist

NGINX ServerBefore Installing SSL Certificate please ensure following processes have been completed

  • Buy/renew SSL Certificate
  • Generate CSR with SHA-2 algorithm
  • Save the CSR & Private key file on your server
  • Apply for SSL Certificate Issuance
  • Submit SSL issuance documents to Certificate authority (for EV & OV SSL Certificate)

Step 1: Store Certificate Files 

After quick domain verification, you will receive your SSL certificate file via email in a Zip file from Certificate authority. Download that zip file and extract it on your server directory. This zip file contains server certificate, root certificate and intermediate certificate.

Step 2: Create new domain.crt & Intermediate.crt file

  • Open the server certificate using any text editor
  • Copy all the encrypted data starting from ‘—–BEGIN CERTIFICATE—–‘to ‘——END CERTIFICATE—–‘.
  • Paste this data into a new text file and give this file name as crt. 

Note: We have used ‘domain.crt’ file name just for demonstration purpose, you can give any name to the server certificate file.

Following the same way create a new file for intermediate certificate and give it a name as Intermediate.crt

Step 3: Combine the Server & Intermediate certificate files.

To combine Server & intermediate certificate files use following piece of code

cat intermediate.crt >> SSL.crt

Make sure the extension of the combined file should be .pem.

Step 4: NGINX virtual host file editing

  • Open the NGINX virtual-host file for the website which you wish to secure.
  • Create a copy of the existing server module of virtual-host file and paste it into the original source.
  • Now add following piece of code under server module
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_SSL.crt;
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}

Note: here is the above code ssl_certificate is the .pem file that you’ve created under step 3, ssl_certificate_key is the certificate key file you’ve received during CSR generation process. So you need to add the correct file name & path which you’ve created.

  • Using sudo /etc/init.d/nginx restart command to restart your NGINX server.
  • Your SSL Certificate is now installed on your NGINX server.

SSL Resources: