How to Install a SSL Certificate on Nginx

Uber Vault

Last time I showed how easy it is to create an SSL request on Nginx, this time I’ll show you how easy it is to get your site up and running with it.

You are going to need your server.key file we created last time and the text of the SSL certificate.  Most keys I’ve ever bought provide you with the actual file and the text in the email for your key.

As usual SSH onto your Linux server.

Lets go into the folder for our website:

cd /var/companya.com/

Create our SSL directories:

mkdir ssl

cd ssl

Lets create the server.key file:

nano server.key

Copy and paste your original key into there, and then [ctrl]+o to save, and then [ctrl]+x to exit.

Now lets use that publicly trusted certificate you’ve got:

nano servert.crt

Copy and paste your public SSL certificate into there, [ctrl]+o to save, and then [ctrl]+x to exit.

Now open up your site configuration

nano /etc/nginx/sites-enabled/gypthecat.com

Add a new server block at the bottom of that file that looks something like this:

server {

listen 12.34.56.78;
server_name www.gypthecat.com gypthecat.com;

ssl on;
ssl_certificate /var/gypthecat.com/ssl/server.crt;
ssl_certificate_key /var/gypthecat.com/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

root /var/gypthecat.com/httpdocs/;
index index.php index.html index.htm;
access_log /var/gypthecat.com/logs/access.log combined;

gzip on;
gzip_comp_level 5;
gzip_disable “MSIE [1-6]\.”;
}

Now lets restart Nginx:

service nginx restart

And open up your new HTTPS website!

Intermediate Certificates

Some SSL providers will provide an Intermediate Certificate to use, if we were using Apache we’d be using SSLCertificateChainFile, the process for Nginx is slightly different.

All we need to do is append the intermediate certificate with our SSL certificate.  Type in:

nano intermediate.cer

Copy and paste the given certificate in there [ctrl]+o and then [ctrl]+x.

Now type in the following:

cat intermediate.cer >> server.crt

Restart Nginx and you should be good to go:

service nginx restart

Trackbacks for this post

  1. How to Create a CSR with Nginx using OpenSSL | Gyp the Cat dot Com

Got something to say? Go for it!