Generally, we have two types of SSL certificates. One is standard SSL and the other is wild card SSL. Standard SSL will be used for a single domain. Whereas Wild card SSL will be used for the main domain and we can use it for all the subdomains of the main domain. In this post, I would like to explain how to create the SSL key certificates, submit them to the provider to download the domain SSL certificates, and install those certificates into the Nginx web server steps.
How to install SSL certificate in Nginx
Step 1. Obtain the SSL certificate: You can either purchase an SSL certificate from a trusted Certificate Authority or generate a free one using Let’s Encrypt or Cloudflare.
Step 2. Create an SSL directory: Create a directory to store your SSL certificates. This directory should be only accessible to the Nginx user, and not to any other users on the system. For example, you can create the directory /etc/nginx/ssl and set its permissions to 700.
Step 3. Generate a private key and CSR: Use OpenSSL to generate a private key and CSR for your domain name. You can do this by running the following command:
1 | openssl req -new -newkey rsa:2048 -nodes -keyout [Domain Name].key -out [Domain Name].csr |
1 2 3 4 5 6 7 | You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- |
1 | Country Name (2 letter code) [AU]: [Country Code] |
Replace [Country Code] with your county code.
1 | State or Province Name (full name) [Some-State]: [State Name] |
Replace [State Name] with your state name.
1 | Locality Name (eg, city) []:[City Name] |
Replace [City Name] with your city name.
1 | Organization Name (eg, company) [Internet Widgits Pty Ltd]:[Company Name] |
Replace [Comany Name] with your company name.
1 | Organizational Unit Name (eg, section) []: |
1 | Common Name (e.g. server FQDN or YOUR name) []: [Domain Name] |
Replace [Domain Name] with your domain name.
1 | Email Address []: [Email].[Domain Name] |
Replace [Email].[Domain Name] with your email address.
1 2 3 4 | Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: |
Once these steps are done, you will get the [domain].key and [domain].CSR files
Step 4. Submit the CSR to the certificate authority: If you obtained an SSL certificate from a CA, you will need to submit the CSR to the CA to obtain the SSL certificate.
1 2 3 | [random string].crt [random string].pem gd_bundle-g2-g1.crt |
Step 5. Move all files to /etc/nginx/ssl as mentioned in step 2.
Step 6. Create a chained file because we will get missed intermediate certificate missing
1 | cat [Domain Name].crt gd_bundle-g2-g1.crt > [Domain Name].chained.crt |
Step 7. Configure Nginx to use SSL: Once you have the SSL certificate, you can configure Nginx to use SSL by editing the Nginx configuration file. Add the following lines to your Nginx configuration file:
1 2 3 4 5 6 | server { listen 443 ssl; server_name example.com; ssl_certificate /etc/nginx/ssl/[Domain Name].chained.crt; ssl_certificate_key /etc/nginx/ssl/[Domain Name].key; } |
Step 8. Restart Nginx: Once you have made changes to your Nginx configuration file, you need to restart the Nginx server for the changes to take effect. You can do this by running the following command:
1 | sudo systemctl restart nginx |
Note: Make sure that your Nginx configuration file is correct and has no syntax errors before restarting Nginx. You can check the configuration file by running the following command:
1 | sudo nginx -t |
If the configuration file has errors, the above command will report them, and you need to fix them before restarting Nginx.
1 Comment
SSL by Cloudflare: Transforming WordPress Blogs into Safer - Anil Labs · September 24, 2023 at 7:17 am
[…] to your blog. By the end of this article, you’ll not only understand the importance of SSL but also have the knowledge to implement it effectively, ensuring that your WordPress blog becomes […]