• Home
  • The Song
  • The Avatar
  • The Cat
  • Contact the Cat

Gyp the Cat dot Com

How to Install a SSL Certificate on Nginx
internet, Uncategorized

How to Install a SSL Certificate on Nginx

Last time I showed how easy it is to create an SSL request on Nginx, this time I’ll show you how easy it is to get your site up and running with it.

You are going to need your server.key file we created last time and the text of the SSL certificate.  Most keys I’ve ever bought provide you with the actual file and the text in the email for your key.

As usual SSH onto your Linux server.

Lets go into the folder for our website:

cd /var/companya.com/

Create our SSL directories:

mkdir ssl

cd ssl

Lets create the server.key file:

nano server.key

Copy and paste your original key into there, and then [ctrl]+o to save, and then [ctrl]+x to exit.

Now lets use that publicly trusted certificate you’ve got:

nano servert.crt

Copy and paste your public SSL certificate into there, [ctrl]+o to save, and then [ctrl]+x to exit.

Now open up your site configuration

nano /etc/nginx/sites-enabled/gypthecat.com

Add a new server block at the bottom of that file that looks something like this:

server {

listen 12.34.56.78;
server_name www.gypthecat.com gypthecat.com;

ssl on;
ssl_certificate /var/gypthecat.com/ssl/server.crt;
ssl_certificate_key /var/gypthecat.com/ssl/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

root /var/gypthecat.com/httpdocs/;
index index.php index.html index.htm;
access_log /var/gypthecat.com/logs/access.log combined;

gzip on;
gzip_comp_level 5;
gzip_disable “MSIE [1-6]\.”;
}

Now lets restart Nginx:

service nginx restart

And open up your new HTTPS website!

Intermediate Certificates

Some SSL providers will provide an Intermediate Certificate to use, if we were using Apache we’d be using SSLCertificateChainFile, the process for Nginx is slightly different.

All we need to do is append the intermediate certificate with our SSL certificate.  Type in:

nano intermediate.cer

Copy and paste the given certificate in there [ctrl]+o and then [ctrl]+x.

Now type in the following:

cat intermediate.cer >> server.crt

Restart Nginx and you should be good to go:

service nginx restart

Related

Written by gyp - July 15, 2012 - 5541 Views
Tags | internet, nginx, security

You Might Also Like

How to Create a Site to Host VPN on Ubuntu for AWS, Azure and Linode with pfsense

October 3, 2015

ISC(2) CISSP Revision Notes – Operations Security

November 25, 2013

MX Records, FQDNs, Host Names and Dots

November 2, 2010

2 Comments

  • How to Create a CSR with Nginx using OpenSSL | Gyp the Cat dot Com July 16, 2012 at 8:56 pm

    […] If you want to read what to do with the SSL certificate you get back read on how to get your Nginx SSL certificate functioning. […]

    Reply
  • Ryan December 24, 2014 at 3:34 pm

    Many thanks for the post, just helped get my site back up and running again

    Reply
  • Please Post Your Comments & Reviews
    Cancel reply

    Your email address will not be published. Required fields are marked *

    Previous Post
    Next Post

    Latest Posts

    • Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA
    • HTTP to HTTPS Redirect on Azure CDN
    • Strongswan IPSec (Including Cryptomap) to Microsoft Azure Virtual Network Gateway
    • Black Ops 3 NAT Type Strict & PS4 NAT Type 3 with pfSense Fixed!
    • Sorry for the lack of posts
    • How to Block Internet Access with Group Policy (GPO)
    • Enforcing Microsoft Office 365 and Azure Tennancy with McAfee Web Gateway (MWG)
    • Scanning Subnet for Issuing Certificate Authority with OpenSSL
    • How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi
    • Steam & Valve IP Ranges

    Top Posts & Pages

    • How to Block Internet Access with Group Policy (GPO)
      How to Block Internet Access with Group Policy (GPO)
    • IPSec VPN Host to Host on Ubuntu 14.04 with strongSwan
      IPSec VPN Host to Host on Ubuntu 14.04 with strongSwan
    • How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi
      How to Configure Windows 2012 NPS for Radius Authentication with Ubiquiti Unifi
    • Tinyproxy A Quick and Easy Proxy Server on Ubuntu
      Tinyproxy A Quick and Easy Proxy Server on Ubuntu
    • ISEB Business Analysis (BA) Revision Notes
      ISEB Business Analysis (BA) Revision Notes
    • How to Log BIND Queries on Ubuntu 12.10
      How to Log BIND Queries on Ubuntu 12.10
    • Steam & Valve IP Ranges
      Steam & Valve IP Ranges
    • HTTP to HTTPS Redirect on Azure CDN
      HTTP to HTTPS Redirect on Azure CDN
    • Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA
      Monitoring Tor Usage in Azure Sentinel, ASC, MDATP and ALA

    Tags

    apache2 azure azure log analytics blops business centos cheating cissp cloudflare cryptography dns game google gyp internet iphone ipsec isc linux mac marketing microsoft mw2 mx mysql nginx pfsense postfix proxy ps3 qualification radius revision security seo smtp socks squid ssh strongswan tinyproxy ubuntu windows 2012 wordpress xdecrypt.com
    Gyp the Cat dot Com

    Some rights retained Gyp the Cat Dot Com