How to Install an SSL Certificate on Ubuntu for Nginx

Share It!

SSL provides secure data communication by encrypting data between server and client. SSL can reduce the possibility of the data being intercepted by hackers. Migrating any site from http to https is very simple. Default port of https is 443. This article will help you to configure SSL certificate in Nginx server.

SSL Certificate

See Also:

1. How to Install WordPress Using Nginx on CentOS/RHEL 7/6/5
2. How To Install Moodle on Ubuntu using Nginx
3. How to Configure NGINX in CentOS/RHEL
4. SSL v3 (POODLE) Vulnerability: Nginx

Step 1: Install Nginx Web Server

We are assuming that you already have Nginx installed on your system but in case you don’t have installed it already, Use following command to install it.

$ sudo apt-get install nginx

Step 2: Install Required Packages

Make sure the OpenSSL client package is installed on the server. Run below command to install the the package If It’s not installed.

$ sudo apt-get install mod_ssl openssl

Step 3: Create Directory

Now you need to create the directory to store the server key and certificate.

$ mkdir /etc/nginx/ssl/

Step 4: Get SSL Certificate

Before creating SSL certificate, first you need to generate private key and CSR. A CSR is a file which have all details about domain.

$ cd /etc/nginx/ssl/
$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

You can change name of files example.com.key and example.com.csr as per your domains. After getting certificate from CA, combine your primary certificate and intermediate certificate file in single file.

$ cat example.com.crt DigiCertCA.crt >> example.com.pem

Step 5: Create VirtualHost with SSL

Now edit domain configuration file /etc/nginx/conf.d/example.com.conf and add the following values.

$ vim /etc/nginx/conf.d/example.com.conf
server {

    listen   443;
    server_name example.com www.example.com;

    root /home/example/public_html;
    index index.html index.htm;

    ssl on;
    ssl_certificate /etc/nginx/ssl/example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;
}

Step 6: Restart Nginx Service

Finally restart nginx server for changes takes effect.

$ service nginx restart

Step 7: Verify SSL Configuration

At the end, you can check the configuration using below URL.

https://www.sslshopper.com/ssl-checker.html

Enjoy it!

Leave a Reply

Your email address will not be published.