Home / Tutorials / How to Install an SSL Certificate / How to Install an SSL Certificate on NGINX?

How to Install an SSL Certificate on NGINX

How to Install an SSL Certificate on NGINX

This quick guide explains how to install an SSL certificate on NGINX and useful recommendations on where to buy an SSL Certificate for an NGINX server.

Table of Contents

  1. Generate a CSR Code for NGINX
  2. Install an SSL Certificate on NGINX
  3. Where to buy an SSL certificate for an NGINX server?

Generate a CSR Code for NGINX

When applying for an SSL Certificate, one of the required actions is to generate the CSR code and submit it to the Certificate Authority. CSR stands for Certificate Signing Request, a small text file where you must include up to date details about your domain and company.

You have two options:

  1. Use our CSR Generator to create the CSR automatically.
  2. Follow our step-by-step tutorial on how to generate CSR on NGINX.

Open the file with .csr extension with any text editor such as Notepad. The block of text you see inside is the actual CSR code. During your order process, you will need to paste the entire content of your CSR file into the SSL application form, including the —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– tags.

Install an SSL Certificate on NGINX

To complete the SSL installation, you will need the following certificate files:

  • Your primary certificate (.crt file)
  • The root and intermediate certificates (.ca-bundle file)

Once you’ve got them from your CA, continue with the configuration.

Step 1: Combine all the certificates

First, you need to combine all the certificates issued for your domain into a single file. You can do this manually using the copy-paste function and a text editor, or automatically via specific commands.

If you decide to do it manually, the order of the SSL certificates is important. Please use the following sequence:

  1. Your primary certificate for your domain name
  2. Intermediate certificates
  3. Root certificate

To automatically combine the certificates run the following commands.

If you have separate intermediate and root files, run:

cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt

If your intermediate and root certificates are inside a single file with .ca-bundle extension, run:

cat example_com.crt bundle.crt >> ssl-bundle.crt

Note: Don’t forget to add your actual certificate file names.

Save the new, combined file in the SSL directory of your NGINX server

Step 2: Edit the NGINX configuration file

Next, edit the NGINX configuration file (nginx.conf). You need to add or edit virtual host for port 443 for your website. If your configuration file doesn’t have a virtual host for port 433, duplicate the attribute for port 80, and rewrite port 80 to port 443

You will also need to include the following special properties in virtual host record:

  • ssl on;
  • ssl_certificate – pointed to the directory of your combined SSL file
  • ssl_certificate_key pointed to the directory of your private key file generated along with the CSR

The final version of your configuration file should look like the example below:

server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/ssl-dragon.key;
server_name ssl-dragon.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/;
index index.html;
}
}

Step 3: Restart your NGINX

Please, save your modifications and restart your NGINX server via:

sudo /etc/init.d/nginx restart

Congratulations! You have successfully installed your SSL certificate on the NGINX server. You can now check the status of your SSL installation using one of these excellent SSL tools.

Where to buy an SSL certificate for an NGINX server?

When it comes to your SSL needs, SSL Dragon is your best option. As an authorized SSL reseller, we work with all the major Certificate Authorities to offer the final customer amazing SSL deals on a huge range of products. Whether you need a basic Domain Validation certificate, or a high-end Extended Validation solution, with SSL Dragon you’ll get the best price and customer service. All our SSL certificates are compatible with NGINX servers.

Get an SSL certificate now

But there is more! To ease the search for your ideal SSL certificate, our developers have created exclusive tools such as SSL Wizard and Advanced Certificate filter. Take advantage of their simplicity and efficiency to find the best SSL deal for your website.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.