How to install SSL in Nginx Servers

Posted in Linux May 31, 2018


This is one of the quick way to install SSL in NGINX Servers , i already have a tutorial for Apache , 

the Process is very simple and similar to Apache , the files are all same , its just , 

you need to make few changes with the certificates you receive and make a one single bundled ssl certificate

i will skip few steps , i assume you have generated CSR and then have , key file , and certificates you Received from the SSL providers,

if you find if difficult , you can check the tutorials from the SSL Apache Setup ,

or here is the Code 

openssl req -new -newkey rsa:2048 -nodes -keyout sangv_info.key -out sangv_info.csr

Once you have your CSR key you should receive your other Keys ,

So lets assue you have all these files from Comodo

  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
  • Your PositiveSSL Certificate - sangv_info.crt (or the subdomain you gave them)

This is for Nginx for be care full wile You are creating a single Certificate for nginx , Please follow up the pattern i have Mentioned , lets assume ssl_sangv_info.crt is the final single certificate , 

——BEGIN CERTIFICATE——
1. PositiveSSL Certificate - sangv_info.crt
——END CERTIFICATE——
——BEGIN CERTIFICATE——
2. COMODORSADomainValidationSecureServerCA.crt
——END CERTIFICATE——–
——BEGIN CERTIFICATE——
3. COMODORSAAddTrustCA.crt
——END CERTIFICATE——–
——BEGIN CERTIFICATE——
4. AddTrustExternalCARoot.crt
——END CERTIFICATE——–
So you can use this quick cheat for the trick
cat sangv_info.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl_sangv_info.crt

it Should give you a single file ssl_sangv_info.crt , and make sure you have sangv_info.key file, now you can store these files into your desired web content directory or you can store as below 

[root@sangv ~]# mkdir -p /etc/home/certs/sangv_info/
[root@sangv ~]# cp sangv_info.key ssl_sangv_info.crt /etc/home/certs/sangv_info/

The final Step would be to setup the ssl for Nginx from the config file

[root@sangv ~]# vim /etc/nginx/conf.d/domain.info.conf
# HTTPS
server {
listen 443;
.....
ssl on;
ssl_certificate     /etc/home/certs/sangv_info/ssl_sangv_info.crt;
ssl_certificate_key /etc/home/certs/sangv_info/sangv_info.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
root /var/www/html;
index index.php index.html;
.....
}

[root@sangv ~]# service nginx restart

Or for centos 7 

[root@sangv ~]# systemctl restart nginx

This should make the SSL working and you shall be able to visit , using https

sangv. Info