Contact us at |support@ssldragon.com
  • install an ssl certificate on nginx

How to install an SSL Certificate on NGINX?

Thursday, January 31st, 2019

This quick, four-part guide explains how to install an SSL certificate on NGINX. The first part provides step by step instructions on how to generate a CSR code for NGINX, while the middle section focuses on the SSL installation itself. The third portion offers a glimpse into NGINX history, and, finally, the last part contains useful recommendations on where to buy an SSL Certificate for an NGINX server.

Generate a CSR Code for NGINX
Install an SSL Certificate on NGINX
NGINX history and versions
Where to buy an SSL certificate for an NGINX server?

Generate a CSR Code for NGINX

When applying for an SSL Certificate, one of the required actions is to generate the CSR code and submit it to the Certificate Authority. CSR stands for Certificate Signing Request, a small text file where you must include up to date details about your domain and company. We are going to use the OpenSSL utility to create your CSR code for NGINX. Please, follow the steps below:

  1. Use the Secure Shell (SSH) to connect to your server’s terminal
  2. At the prompt, run the following command:
    openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
    Replace example with your actual domain name. For instance, if you want to secure www.yourdomain.com, enter yourdomain.key and yourdomain.csr
  3. Submit the required details into the CSR. Fill in the fields as shown below:
    • Country Name: specify the two-letter country code where your organization is legally registered. (e.g. US)
    • State or Province Name: here you must enter the full name of the state or region where your organization is legally located (e.g. Georgia)
    • Locality Name: enter the full name of the city where your business is registered
    • Organization Name: indicate the legal name of your organization. (e.g. GPI Holding LLC)
    • Organization Unit Name: type the name of the department dealing with the SSL Certificates (e.g. IT)
    • Common Name: enter the FQDN (Fully Qualified Domain Name) that you want to secure. (e.g. yourdomain.com)

      Note: For Wildcard certificate, include an asterisk in front of the domain name (e.g. *.yourdomain.com).

    • Email Address: type a valid email address
    • The Challenge Password and Optional Company Name attributes are optional. To avoid confusing, we recommend leaving these fields blank
  4. Once you’ve filled in the fields above, the OpenSSL utility will generate the CSR code and private key files
  5. Open the file with .csr extension with any text editor such as Notepad. The block of text you see inside is the actual CSR code. During your order process, you will need to paste the entire content of your CSR file into the SSL application form, including the —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– tags.

Install an SSL Certificate on NGINX

To complete the SSL installation, you will need the following certificate files:

  • Your primary certificate (crt file)
  • The root and intermediate certificates (.ca-bundle file)

Once you’ve got them from your CA, continue with the configuration.

  1. First, you need to combine all the certificates issued for your domain into a single file. You can do this manually using the copy-paste function and a text editor, or automatically via specific commands. If you decide to do it manually, the order of the SSL certificates is important. Please use the following sequence:
    1. Your primary certificate for your domain name
    2. Intermediate certificates
    3. Root certificate
  2. To automatically combine the certificates run the following commands:
    cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt (if you have separate intermediate and root files).
    cat example_com.crt bundle.crt >> ssl-bundle.crt (if your intermediate and root certificates are inside a single file with .ca-bundle extension)

    Note:Don’t forget to add your actual certificate file names.

  3. Save the new, combined file in the SSL directory of your NGINX server
  4. Next, edit the NGINX configuration file (nginx.conf). You need to add or edit virtual host for port 443 for your website. If your configuration file doesn’t have a virtual host for port 433, duplicate the attribute for port 80, and rewrite port 80 to port 443
  5. You will also need to include the following special properties in virtual host record:
    • ssl on;
    • ssl_certificate – pointed to the directory of your combined SSL file
    • ssl_certificate_key pointed to the directory of your private key file generated along with the CSR
  6. The final version of your configuration file should look like the example below:
    server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/ssl-bundle.crt;
    ssl_certificate_key /etc/ssl/ssl-dragon.key;
    server_name ssl-dragon.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
    root /var/www/;
    index index.html;
    }
    }
  7. Please, save your modifications and restart your NGINX server via sudo /etc/init.d/nginx restart.

Congratulations! You have successfully installed your SSL certificate on the NGINX server. You can now check the status of your SSL installation using one of these excellent SSL tools.

NGINX history and versions

NGINX is a versatile web server, created by the Russian software engineer Igor Sysoev. It can also be used as a load balancer, mail proxy, reserve proxy, and HTTP cache. NGINX’s name is an intentionally misspelled homophone of “Engine X”. The server was initially developed to solve the C10K problem but gradually grew into an all-around web server platform. NGINX is a free and open source software; however, a commercial version of NGINX branded NGINX Plus also exists.

The first release of NGINX was on October 4, 2004. Below you will find all the major NGINX versions:

  • NGINX release 1.11.0 on May 24, 2016.
  • NGINX release 1.12.0 on April 12, 2017
  • NGINX release 1.13.0 on April 25, 2017
  • NGINX release 1.14.0 on April 14, 2018
  • NGINX release 1.15.0 on June 5, 2018

Where to buy an SSL certificate for an NGINX server?

When it comes to your SSL needs, SSL Dragon is your best option. As an authorized SSL reseller, we work with all the major Certificate Authorities to offer the final customer amazing SSL deals on a huge range of products. Whether you need a basic Domain Validation certificate, or a high-end Extended Validation solution, with SSL Dragon you’ll get the best price and customer service. All our SSL certificates are compatible with NGINX servers. Listed below are the types of SSL certificates we sell:

But there is more! To ease the search for your ideal SSL certificate, our developers have created exclusive tools such as SSL Wizard and Advanced Certificate filter. Take advantage of their simplicity and efficiency to find the best SSL deal for your website.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.