Nginx SSL Certificate Installation

December 17, 2014

Nginx Server SSL Certificate Installation

  1. Primary certificate and intermediate certificate.

    You should have received a your_domain_name.pem file from DigiCert in an email when your certificate was issued. This .pem file contains both your primary certificate and the intermediate certificate. If you have that .pem file you can skip to step 4.

    If you still need to concatenate your primary certificate and your intermediate certificate into a single file, start with step 2.

  2. Copy the Certificate files to your server.
  3. Concatenate the primary certificate and intermediate certificate.

    You need to concatenate the primary certificate file (your_domain_name.crt) and the intermediate certificate file (gd_bundle.crt in the command below) into a single PEM file, with the primary certificate first, by running the following command:

    # ">" overwrites bundle.crt; ">>" would append to an existing file and duplicate certificates
    cat your_domain_name.crt gd_bundle.crt > bundle.crt

  4. Edit the Nginx virtual hosts file.

    Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server block for each type of connection. Make a copy of the existing non-secure server block and paste it below the original. Then add the SSL lines shown below (the listen 443 line and the ssl directives):

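    server {

        # "ssl" on the listen line replaces the deprecated "ssl on;" directive
        listen   443 ssl;

        # Primary + intermediate certificate: the .pem file, or the bundle.crt built in step 3
        ssl_certificate    /etc/ssl/your_domain_name.pem;
        # Private key generated together with the CSR
        ssl_certificate_key    /etc/ssl/your_domain_name.key;

        server_name your.domain.com;
        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;
        location / {
            root   /home/www/public_html/your.domain.com/public/;
            index  index.html;
        }

    }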

    Adjust the file names to match your certificate files:

    • ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.pem or bundle.crt).
    • ssl_certificate_key should be the key file generated when you created the CSR.
  5. Restart Nginx.

    Run the following command to restart Nginx:

    sudo /etc/init.d/nginx restart
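
Before the restart in step 5, it is worth confirming that the bundle from step 3 is well formed and that the key from the CSR belongs to it. The script below is an added example, not part of the original guide; the function names and the check_bundle.sh file name are illustrative, and it assumes awk, grep and the openssl command-line tool are installed.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate bundle before restarting Nginx.
# Function names are illustrative; requires awk, grep and the openssl CLI.

# Number of certificates in a PEM file (expect at least 2: primary + intermediate).
count_certs() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds if a certificate block occurs twice, e.g. after appending to an old bundle.
has_duplicate_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { block = ""; inside = 1 }
         inside { block = block $0 "\n" }
         /-----END CERTIFICATE-----/ { inside = 0; if (seen[block]++) dup = 1 }
         END { exit (dup ? 0 : 1) }' "$1"
}

# Print certificate number N (1-based) from bundle FILE.
nth_cert() {
    awk -v n="$2" '/-----BEGIN CERTIFICATE-----/ { i++ }
                   i == n { print }
                   /-----END CERTIFICATE-----/ && i == n { exit }' "$1"
}

# Succeeds if cert 1's Issuer name equals cert 2's Subject name (primary first).
chain_order_ok() {
    issuer=$(nth_cert "$1" 1 | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    subject=$(nth_cert "$1" 2 | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    [ -n "$issuer" ] && [ "$issuer" = "$subject" ]
}

# Succeeds if the private key's public half equals the first certificate's public key.
key_matches_cert() {
    cert_pub=$(nth_cert "$1" 1 | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

check_bundle() {
    [ "$(count_certs "$1")" -ge 2 ] || { echo "FAIL: $1 has no intermediate certificate"; return 1; }
    if has_duplicate_certs "$1"; then echo "FAIL: $1 contains a certificate twice"; return 1; fi
    chain_order_ok "$1" || { echo "FAIL: primary certificate is not first in $1"; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; return 1; }
    echo "OK: run 'nginx -t', then restart"
}

# Usage: sh check_bundle.sh /etc/ssl/bundle.crt /etc/ssl/your_domain_name.key
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

The chain check compares names only; it does not verify signatures. A passphrase-protected key will prompt for its passphrase.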


Troubleshooting:

  1. If your web site is publicly accessible, you can use https://www.ssllabs.com/ssltest/ to check your SSL.
  2. Open a web browser and visit your site using https. It is best to test with both Internet Explorer and Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors. If you immediately receive a browser message about the site not being available, then Nginx may not yet be listening on port 443. If your web request takes a very long time and then times out, a firewall may be blocking traffic on TCP port 443 to the web server.

    If you receive a “not trusted” warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid To fields.
