1. Upload certificates on the server where your web-site is hosted.
In case of Comodo certificates, you should receive the zip archive with *.crt files.
Geotrust/Thawte/Symantec sends certificates in plain text. Simply save the certificate as a .crt file. You can use Notepad (or any similar text editor) for this. You can download a completed Bundle file for each certificate we provide here.
For Comodo PositiveSSL the files will appear like the ones below:
*youdomainname*.crt
ComodoRSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
2. Combine all the certificates into a single file.
For Nginx it is required to have all the certificates (one for your domain name and CA ones) combined in a single file. The certificate for your domain should be listed first in the file, followed by the chain of CA certificates.
To combine the certificates in case of PositiveSSL, run the following command in terminal:
$ cat *yourdomainname*.crt ComodoRSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> cert_chain.crt
Note! If you have downloaded a complete CABundle file for your certificate, replace chain files' names with the name of your downloaded file. It will look like:
$ cat *yourdomainname*.crt COMODO_DV_SHA-256_bundle.crt >> cert_chain.crt
3. Edit your Nginx VirtualHost file.
By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx.
If you do not have a record for port 443 in your VirtualHost, you should add it manually.
To simplify the process, you can duplicate the record for port 80 (should be in your VirtualHost file by default) and change port 80 to port 443. Simply add it below the non-secure module. In addition to port changes you will need to add the special lines in the record:
ssl on;
# ssl_certificate should be pointed to the file with combined certificates (file you created in step 2)
ssl_certificate /etc/ssl/cert_chain.crt;
# ssl_certificate_key should be pointed to the Private Key that has been generated with the CSR code that you have used for activation of the certificate.
ssl_certificate_key /etc/ssl/*your_private_key*.key;
Completed VirtualHost record for port 443 may look like the one below:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cert_chain.crt;
ssl_certificate_key /etc/ssl/yourdomainnamekey.key;
server_name yourdomainname_com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.lo;
location / {
index index.html;
}
}
Once you have modified the VirtualHost file. it is required to restart Nginx in order to apply the changes. You can restart Nginx with this command:
nginx -s reload
Congratulations! The certificate is now installed on the server for your site. The site should now be accessible via https://.
After successful installation, you can check the cert was install correctly or not by following tools:
https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
