How to install an SSL certificate on an Nginx server

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

This tutorial explains the detailed steps to install an SSL certificate on an Nginx server.

Purchase the cert

Prior to purchasing a cert, you need to generate a private key, and a CSR file (Certificate Signing Request). You'll be asked for the content of the CSR file when ordering the certificate.

openssl req -nodes -newkey rsa:2048 -keyout example_com.key -out example_com.csr

This gives you two files (the -nodes option leaves the private key unencrypted on disk, so protect that file):

example_com.key -- Your private key. You'll need this later to configure nginx.
example_com.csr -- Your CSR file.

Now purchase the certificate, then wait forever for them to review your purchase. You'll eventually get an email with your PositiveSSL Certificate. It contains a zip file with the following:

Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - PositiveSSLCA2.crt
Your PositiveSSL Certificate - example_com.crt

Install the SSL cert

Combine everything for nginx:

Combine the above crt files into a bundle (the order matters here: your own certificate comes first, then the intermediate, then the root):

cat example_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

Store the bundle wherever nginx expects to find it:

mkdir -p /etc/nginx/ssl/example_com/

mv ssl-bundle.crt /etc/nginx/ssl/example_com/

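Make sure your nginx config points to the right cert file and to the private key you generated earlier. The config below expects the key in the same directory as the bundle, so move example_com.key there as well and keep it readable only by root: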

server {
    # "listen 443 ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;
    # ...
}

Restart nginx.
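Before restarting, it is worth confirming that the bundle is in the order described above and that its first certificate belongs to your private key. The script below is an added example, not part of the original tutorial; the function names and the throwaway chain it generates (int.crt, root.crt and so on) are constructed for the demo.

```sh
#!/bin/sh
# Added example (not from the tutorial): pre-flight checks for the bundle and key.

# True when the FIRST certificate in BUNDLE holds the public key of KEY;
# nginx uses the first certificate in the file as the server certificate.
key_matches_bundle() {  # usage: key_matches_bundle KEY BUNDLE
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# True when each certificate in BUNDLE names the next one as its issuer
# (leaf, intermediate, root). Compares names only, not signatures.
bundle_order_ok() {  # usage: bundle_order_ok BUNDLE
    d=$(mktemp -d) || return 2
    awk -v d="$d" '/BEGIN CERTIFICATE/{n++} n{print > (d "/" n ".pem")}' "$1"
    i=1; rc=0
    [ -f "$d/1.pem" ] || rc=2   # no certificate found at all
    while [ -f "$d/$((i + 1)).pem" ]; do
        iss=$(openssl x509 -in "$d/$i.pem" -noout -issuer -nameopt RFC2253)
        sub=$(openssl x509 -in "$d/$((i + 1)).pem" -noout -subject -nameopt RFC2253)
        [ "${iss#issuer=}" = "${sub#subject=}" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$d"
    return "$rc"
}

# Hypothetical helper: builds a constructed root -> intermediate -> leaf chain in DIR.
make_demo_chain() {  # usage: make_demo_chain DIR
    ( cd "$1" && exec >/dev/null 2>&1 &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root" -keyout root.key -out root.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" -keyout int.key -out int.csr &&
      openssl x509 -req -days 1 -in int.csr -CA root.crt -CAkey root.key -CAcreateserial -out int.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com" -keyout example_com.key -out example_com.csr &&
      openssl x509 -req -days 1 -in example_com.csr -CA int.crt -CAkey int.key -CAcreateserial -out example_com.crt )
}

# Demo on constructed files: the tutorial's order passes, the reverse order fails.
demo=$(mktemp -d) && make_demo_chain "$demo" || exit 1
cat "$demo/example_com.crt" "$demo/int.crt" "$demo/root.crt" > "$demo/good.crt"
cat "$demo/root.crt" "$demo/int.crt" "$demo/example_com.crt" > "$demo/bad.crt"
for b in good bad; do
    key_matches_bundle "$demo/example_com.key" "$demo/$b.crt" && km=yes || km=no
    bundle_order_ok "$demo/$b.crt" && oo=yes || oo=no
    echo "$b.crt: key matches first cert=$km, order ok=$oo"
done
```

To check the real files, call the two functions with /etc/nginx/ssl/example_com/example_com.key and /etc/nginx/ssl/example_com/ssl-bundle.crt.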
