Introduction
SSL certificates are essential for securing online communication, as they encrypt data between a user's browser and a server. Install an SSL certificate on NGINX to ensure a safe connection by encrypting the data transmitted over the internet so that it is only visible to the intended recipient.
This article will show you how to install an SSL certificate on NGINX with simple, step-by-step instructions.
Prerequisites
- A server certificate issued by a certificate authority (CA) for your domain.
- NGINX installed on your system.
- A user account with sudo privileges.
How to Install SSL Certificate on NGINX
This guide assumes you have already generated a certificate signing request and received your SSL certificate issued by a certificate authority. If you are yet to obtain a certificate, follow our guide on generating a certificate signing request (CSR) and submitting it to a CA.
Step 1: Combine All Certificates into a Single File
You should have received your SSL certificate via email in the form of a .zip file. Once you download and extract the archive, you will see it consists of three files:
- Server certificate.
- Root certificate.
- Intermediate certificate.
The first step is to combine all three files into one.
There are two ways to combine the files into a single one:
Combine Files Manually
To manually combine the files, copy and paste the contents of each file into a text editor. Save the new file as ssl-bundle.crt.
Combine Files Automatically
The other option is to combine the files using the command line and cat command. The syntax depends on whether you have separate intermediate files or if these files are inside a single .ca-bundle file.
- If all three certificates are listed separately, use the command:
cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt- If the intermediate certificates are in one bundle, run:
cat your_domain.crt your_domain.ca-bundle >> ssl-bundle.crtNote: Make sure you save the ssl-bundle.crt file in the etc/ssl directory.
Step 2: Edit NGINX Configuration File
After combining the files, configure the NGINX server block (the virtual host file) for your server. If you don't know the file's location, use the find command:
sudo find nginx.confOpen the file with a text editor to make the necessary modifications. The easiest way to set up the configuration is to copy the original server module, paste it below, and edit the content.
Follow these steps:
1. Instruct the server to listen to port 443:
listen 443;2. Make sure the server block includes the following line:
<code>ssl on;3. Define the SSL certificate path:
ssl_certificate /etc/ssl/ssl-bundle.crt;4. Specify the directory where the SSL Certificate Key is located:
/path/to/your_private.key;The configuration file should look similar to the one below:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/ssl-bundle.crt;
ssl_certificate_key /path/to/your_private.key;
root /path/to/webroot;
server_name your_domain.com;
}
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/;
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}5. Save and exit the file.
Step 3: Restart NGINX Server
Restart your NGINX server so your configuration changes take place. To do so, run the command:
sudo systemctl restart nginxStep 4: Verify SSL Certificate
The best way to check you have successfully installed the SSL certificate on NGINX is to connect to your server via a browser.
Open a browser of your choice and navigate to your domain using the HTTPS protocol:
https://[your.domain.com]Replace [your.domain.com] with your actual address.
You should see a locked padlock verifying that the SSL certificate is now set up on your server, as in the image below:
Conclusion
This article showed how to install an SSL Certificate on your NGINX server. Make sure to install separate certificates on each machine if you have more than one NGINX server.
Next, secure your Nginx server using Let's Encrypt, a free certificate authority that allows you to set up protection on your NGINX server.
