How to install an SSL certificate on a NGINX server?

    Posted in SSL Certificates on Jul 30, 2019

    Once the certificate has been issued by the CA, you can install it on your NGINX server.

    Combine certificates into one file

    The first step is to concatenate the certificate issued for your domain with the intermediate and root certificates into one file.

    Make sure the certificates are placed in the following order:

    • The certificate for your domain name.
    • Intermediate certificates.
    • Last certificate should be the root one.

    METHOD 1

    In case the intermediate and root certificates were uploaded and received separately, use this method:

    cat cloudtechtiq.crt intermediate.crt root.crt > ssl-bundle.crt

    For example, this command applies to a PositiveSSL certificate:

    cat cloudtechtiq.com.CRT CLOUDTECHTIQRSADomainValidationSecureServerCA.crt \
        CLOUDTECHTIQRSAAddTrustExternalCARoot.crt > ssl-bundle.crt

    METHOD 2

    If the intermediate certificates were received in one bundle file, use this command:

    cat cloudtechtiq.com.crt bundle.crt > ssl-bundle.crt

    Place the concatenated file into the directory with SSL certificates on your Nginx server.

    Edit your Nginx configuration file

    Once the certificate is uploaded, edit the Nginx configuration file and add a virtual host for port 443 for your website.

    If there is no virtual host for port 443, duplicate the record for port 80 and change port 80 to port 443.

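    In addition, add these lines to your record:

    listen 443 ssl; the ssl parameter enables TLS on this port. A separate "ssl on;" line does the same on older releases, but that directive was deprecated in nginx 1.15.0 and removed in 1.25.1;

    ssl_certificate should point to the location of the concatenated certificate file;

    ssl_certificate_key should point to the location of the private key generated along with the CSR that was used for the certificate activation.

    The completed virtual host should look like this:

    server {
        # "ssl" on the listen line replaces the removed "ssl on;" directive
        listen 443 ssl;

        # concatenated file: domain certificate first, then intermediates, then root
        ssl_certificate     /etc/ssl/ssl-bundle.crt;
        # private key generated together with the CSR
        ssl_certificate_key /etc/ssl/cloudtechtiq.key;

        server_name cloudtechtiq.com;

        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log  /var/log/nginx/nginx.vhost.error.log;

        location / {
            root  /var/www/;
            index index.html;
        }
    }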

    If you want to configure OCSP stapling on your server, add the following lines to the virtual host section for the website:

    ssl_stapling on;
    ssl_stapling_verify on;

    Save the modifications and restart the NGINX server.
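
    A pre-restart check for the steps above, as an added example that is not part of the original article: it rebuilds the bundle, confirms that concatenation did not fuse any PEM markers, and confirms that the private key belongs to the first certificate in the bundle. The function names and the script name check-bundle.sh are hypothetical, and openssl must be installed for the key check.

```shell
#!/bin/sh
# Added example: build the nginx bundle and check it before restarting nginx.
# Function names are illustrative; file names come from the caller.

# build_bundle OUT LEAF [CHAIN...]: write the files to OUT in the given order.
# OUT is replaced, not appended to, so a re-run cannot leave duplicates, and
# "awk 1" ends every line with a newline so a file without a final newline
# cannot fuse its END marker with the next file's BEGIN marker.
build_bundle() {
    bb_out=$1; shift
    bb_tmp="$bb_out.tmp.$$"
    : > "$bb_tmp" || return 1
    for bb_f in "$@"; do
        [ -r "$bb_f" ] || { echo "cannot read $bb_f" >&2; rm -f "$bb_tmp"; return 1; }
        awk 1 "$bb_f" >> "$bb_tmp"
    done
    mv "$bb_tmp" "$bb_out"
}

# count_certs FILE: number of BEGIN markers that sit alone on a line.
count_certs() {
    tr -d '\r' < "$1" | grep -c -e '^-----BEGIN CERTIFICATE-----$' || true
}

# bundle_is_wellformed FILE: every marker is alone on its line and pairs up.
bundle_is_wellformed() {
    wf_b=$(count_certs "$1")
    wf_e=$(tr -d '\r' < "$1" | grep -c -e '^-----END CERTIFICATE-----$' || true)
    wf_any=$(grep -c -E -e '-----(BEGIN|END) CERTIFICATE-----' "$1" || true)
    [ "$wf_b" -gt 0 ] && [ "$wf_b" -eq "$wf_e" ] && [ "$wf_any" -eq $((wf_b + wf_e)) ]
}

# key_matches_cert BUNDLE KEY: the FIRST certificate in BUNDLE must carry the
# public key of KEY, so this also fails when the domain certificate is not first.
key_matches_cert() {
    km_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    km_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$km_cert" ] && [ "$km_cert" = "$km_key" ]
}

# Usage: sh check-bundle.sh ssl-bundle.crt private.key domain.crt intermediate.crt root.crt
if [ "$#" -ge 3 ]; then
    cb_out=$1; cb_key=$2; shift 2
    build_bundle "$cb_out" "$@" && bundle_is_wellformed "$cb_out" \
        && key_matches_cert "$cb_out" "$cb_key" \
        && echo "OK: $(count_certs "$cb_out") certificates, first matches $cb_key" \
        || { echo "bundle check failed" >&2; exit 1; }
fi
```

    After editing the server block, running nginx -t checks that nginx can parse the configuration and load the certificate and key before you restart.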