Install SSL for Nginx

1. Upload certificates on the server where your web-site is hosted.

In case of Comodo certificates, you should receive the zip archive with *.crt files.
Geotrust/Thawte/Symantec sends certificates in plain text. Simply save the certificate as a .crt file. You can use Notepad (or any similar text editor) for this. You can download a completed Bundle file for each certificate we provide here.
For Comodo PositiveSSL the files will appear like the ones below:

*youdomainname*.crt
ComodoRSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

2. Combine all the certificates into a single file.

For Nginx it is required to have all the certificates (one for your domain name and CA ones) combined in a single file. The certificate for your domain should be listed first in the file, followed by the chain of CA certificates.
To combine the certificates in case of PositiveSSL, run the following command in terminal:

$ cat *yourdomainname*.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> cert_chain.crt

Note! If you have downloaded a complete CABundle file for your certificate, replace chain files' names with the name of your downloaded file. It will look like:

$ cat *yourdomainname*.crt COMODO_DV_SHA-256_bundle.crt >> cert_chain.crt

3. Edit your Nginx VirtualHost file.

By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx.

If you do not have a record for port 443 in your VirtualHost, you should add it manually.
To simplify the process, you can duplicate the record for port 80 (should be in your VirtualHost file by default) and change port 80 to port 443. Simply add it below the non-secure module. In addition to port changes you will need to add the special lines in the record:

ssl    on;

# ssl_certificate  should be pointed to the file with combined certificates (file you created in step 2)

ssl_certificate    /etc/ssl/cert_chain.crt;

# ssl_certificate_key should be pointed to the Private Key that has been generated with the CSR code that you have used for activation of the certificate.

ssl_certificate_key    /etc/ssl/*your_private_key*.key;

Completed VirtualHost record for port 443 may look like the one below:

server {

listen   443;

ssl    on;
ssl_certificate    /etc/ssl/cert_chain.crt;
ssl_certificate_key    /etc/ssl/yourdomainnamekey.key;


server_name yourdomainname_com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.lo;
location / {

             root   /var/www/;
             index  index.html;
}

}


Once you have modified the VirtualHost file. it is required to restart Nginx in order to apply the changes. You can restart Nginx with this command:

nginx -s reload

Congratulations! The certificate is now installed on the server for your site. The site should now be accessible via https://. 

After successful installation, you can check the cert was install correctly or not by following tools: 
https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to install your SSL Certificate in IIS 5 & 6

Open the ZIP file containing your certificate and copy the file named your_domain_name.cer to...

Cài đặt SSL trên IIS 7/7.5 (Windows Server 2008)

Để cài đặt chứng thư số SSL cho IIS 7/7.5 trên Windows 2008, bạn thực hiện như sau :  Bước 1:...

Cài đặt SSL trên IIS 8/8.5 (Window Server 2012)

Để cài đặt chứng thư số SSL cho IIS 8/8.5 trên Windows Server 2012, bạn thực hiện như sau :...

Install SSL for Apache Linux

To install the SSL digital certificates to Apache on Linux, you perform the following: 1. Unzip...

Install SSL for Apache Windows

To install the SSL certificate for Apache on Windows, you perform the following: 1. Unzip...