1. SSL Installation Guide on Nginx Web Server
Firstof all,create a ‘Certificate Bundle’togetstartedwiththe procedure of SSLinstallationinNginx.For
creatingthe bundle,eachcertificate (SSLcertificate,Intermediate certificate andRoot certificate) needs
to be in the PEM format.
In a plain text editor, open each certificates.
Now proceed by creating a new document in a plain text editor.
Your SSL Certificate
Intermediate SSL certificate
Root SSL Certificate
This completes your file and its format should be as follows:
-----BEGIN CERTIFICATE-----
#Your SSL Certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Intermediate Certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Root Certificate#
-----END CERTIFICATE-----
This newly-created certificate bundle should be saved in a ‘.crt’ format.
After saving it properly, upload the certificate bundle along with the private key to a directory
on the Nginx server.
After that, edit the Nginx virtual hosts file.
For that, open the Nginx virtual host file for the website you intend to secure. In case you want
your site to be accessible through both, secure (https) and non-secure (http) connections, you
need to have a server module for each connection type.
2. Now proceed by making a copy of the existing non-secure module and pasting it below the
original. Add the lines in the format given below:
server{
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain.crt;
ssl_certificate_key /etc/ssl/your_domain.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}
Please note it is very important to make sure you adjust the file names so as to match your
certificate files.
Ssl_certificate should be your primary certificate which is combined with the root and
intermediate certificate bundle created in previous steps. For example, your_domain.crt.
When you generate the CSR, ssl_certificate_key should be the key file that is created.
Now restart Nginx.