The tutorial will explain how to install an SSL certificate on Nginx. To complete the SSL installation, please follow these steps below:
Step 1: Combine Certificates Into One File
Download a Zip-archive including your certificate from your NicSRS account. In the Zip-archive, the Nginx folder contains a .crt file that is your certificate and a .key file. The two files are ready for installation without any combination.
Alternatively, the Certificate Authority will email you a Zip-archive with several .crt files. Once you’ve got the zip-archive from your CA, you need to combine all the certificates issued for your domain with intermediate and root certificates into one file. There are two methods to combine certificates into one file:
Method 1: Combine the files manually in a text editor by copying and pasting the correspondent certificates into one single file.
Note: The order of certificates in the single file is important.
- Your primary certificate for your domain name
- Intermediate certificates
Method 2: To automatically combine the files run the following commands:
If you received separate intermediate and root files, please add this command:
cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt
If you received the intermediate and root certificates in one bundle file, or downloaded the Certificate files from your NicSRS account, please run the command:
cat example_com.crt example_com _bundle.crt >> ssl-bundle.crt
Save the combined file and private key file into the SSL directory of your NGINX Server.
Step 2: Edit the NGINX Configuration File
After uploading the certificate, you need to edit your NGINX configuration file (by default it is called nginx.conf).
Then you’ll edit or add Virtual Host for 443 port for your website. If there’s no Virtual Host for 443 port, you can duplicate the record for port 80 (it should be in the configuration file by default) and change port 80 to port 443. Simply add it below the non-secure module.
You will then need to add these specific lines into the record:
ssl on;
ssl_certificate (pointed to the location of the combined Certificate file)
ssl_certificate_key (pointed to the location of the private key file generated along with the CSR)
The completed Virtual Host should look like this:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ ssl-bundle.crt;
ssl_certificate_key /etc/ssl/nicsrs_com.key;
server_name nicsrs.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/;
index index.html;
}
}
Finally, save your modifications and restart your Nginx server by the command to apply your changes:
sudo /etc/init.d/nginx restart
That’s it! Your SSL certificate is installed successfully on the Nginx server. You can check the status of your SSL installation with the SSL checker tool.