This article revolves around the simplified procedure for generating the CSR (Certificate Signing Request) and installing the SSL on Nginx Server without causing any error or error. Please be sure to purchase or renew an SSL Certificate from a Trusted Certificate Authority ( CA) before we begin both processes.
Before we go any further, make sure to save all the SSL Certificate files provided to a specific location by the Certificate Authority.
Step 1: Generation of NGINX CSRs with OpenSSL command
Please perform the following steps to generate CSR and Private key on your NGINX server:
- To log in to your server use Secure Shell or SSH Terminal
- Now run the following Command for OpenSSL
openssl req –new –newkey rsa:2048 –nodes –keyout domain-name.key –out domain-name.csr
- Here you need to add the below-requested information turn by turn.
- Common Name: The name of your base domain
- Organization: The name of your Business/Organization
- Organization Unit: The Unit name of your business
- City or Locality: The name of your City
- State: The name of your state
- Country: Two letter country code
- Passphrase: This is an optional request (you only need to add if you wish to secure your CSR with a password).
- At the end of the above process, you will have the CSR and Private Key on your screen.
- Now, copy the encrypted data of the CSR —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– and paste into a new Text file, and give a name as domain-name.csr.
- Following the same way, save the Private Key by giving a file name as domain-name.key.
- Now move to the next step to install the SSL Certificate.
Step2: Installation of an NGINX SSL Certificate
Carry out the following steps for efficient installation of SSL Certificates and Intermediate Certificates on NGINX Server.
- Based on the above statement, we have demanded that all of the CA ‘s SSL files be saved to a specific location.
- Now run the following command to concatenate both files into a single.pem file or a bundle.crt file (the file formats will be accepted by both).
cat domain-name.crt certificate-authority.crt >> bundle.crt
- Here, domain-name.crt is your Server Certificate, and certificate-authority.crt is the Intermediate Certificate.
- Edit the Virtual Host File
- Open the Nginx virtual host file
- At the end of the file add the following command
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/domain-name.pem; (or bundle.crt)
ssl_certificate_key /etc/ssl/domain-name.key;
server_name domain-name.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/domain-name.com/public/;
index index.html;
}
Note: Here, ssl certificate /etc / ssl / domain-name.pem; (or bundle.crt) is the location of the .prm or.crt file concatenated by the previous stage, and ssl certificate key /etc / ssl / domain-name.key is the private key location.
- Using the following to save the virtual host file and restart the NGINX server
sudo /etc/init.d/nginx restart
After you’ve completed the installation process, you can use our free SSL Checker Tool to verify the installation.
Conclusion:
Finally, your NGINX server installs the generated CSR with the private key and the SSL Certificate along with the Intermediate Certificate. The HTTPS protocol now secures your website and is ready to run. Don’t forget to forward the HTTP traffic to HTTPS.