How to install SSL on nginx Server?

1
How to install SSL on nginx Server?
Rate this post

Before install SSL Certificate on nginx Server, you have to purchase, of course. Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You’ll be asked for the content of the CSR file when ordering the certificate. There are many way to create CSR and Private Key (Remember, when you create a CSR, you will got a Private Key, keep it secured).
You can google for CSR generator online or if you can login server with root, you can create it by enter in command line:

This mean /etc/ssl/bienthuy_net.key is your private key (You’ll need this later to configure ngxinx.) and /etc/ssl/bienthuy_net.csr is your CSR.
Now, purchase the certificate, follow the steps on their site, and you should soon get an email with your SSL Certificate. It contains a zip file with the following:

  • Root CA Certificate – AddTrustExternalCARoot.crt
  • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate – www_example_com.crt (or the subdomain you gave them)

Or it can contain only 2 files:

  • CA Bundle Certificate – bienthuy_net.ca-bundle
  • Your SSL Certificate – bienthuy_net.crt (or the subdomain you gave them)

In case you got 2 files, just open all 2 files with text editor like Edit Plus, Notepad Plus or whatever you used. Then copy all content from bienthuy_net.crt then put it at the very first of bienthuy_net.ca-bundle. Save it as ssl-bundle.crt. It is your own ca-bundle file.
In case you want to use command line, just enter in command line:

In case you got 4 files as above, do same as 2 files, but follow the order:

Store the bundle wherever nginx expects to find it:

Explain:
Create a folder name: bienthuy_net inside the folder: /etc/nginx/ssl to store cert and related files. So all cert and related files will be stored in the folder: /etc/nginx/sslbienthuy_net/
Make sure you have all necessary files as follow:
– A private key file: In my case is bienthuy_net.key
– A Certificated file: sure, it’s your certificate so how can you install certificate without certificate file. In my case is: bienthuy_net.crt
– A Ca-Bundle file: A ca-bundles file to make sure cert is readable and can check by most browser. It contain your cert and cert issuer.

Install SSL Certificate on nginx Server

Now if you have all files in that folder, you can install cert.
Open your domain config file. It should be in /etc/nginx/yourdomain.com/ yourdomain.com.conf or /etc/nginx/conf.d/yourdomain.conf
Look for https config block, it should be something like this:

or

Now add after that:

It depend on your config file so check it carefully.
The final block should be like this:

When done, save your configuration file and go to command and test your config file by type in:

If it’s ok, then you should see a message like this:

Now, just restart nginx to apply your new config and https for your domain is working rightnow.

That’s it.

Last update: 08:16:20 AM, 30th June 2018
Share.

About Author