Ask a Question

SSL Certificate Installation for Nginx Server

Solution

This document provides installation instructions for Nginx server. If you are unable to use these instructions for your server, GeoTrust recommends that you contact the server vendor or the organization, which supports Nginx.

Step 1: Obtain the GeoTrust Certificate

  1. The GeoTrust certificate will be sent by email.
  2. Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

    [encoded data]

    ------END CERTIFICATE-----

    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.
  3. Repeat Steps 1 & 2 if the email also contains the Intermediate CA Certificate.  If the Intermedite CA certificate is not provided by email you can download it from here.

    NOTE: The certificates can be also downloaded from the following solutions.
     


Step 2: Concatenate the SSL and Intermediate CA Certificate

  1. You need to combine the ssl_certificate.crt file and the IntermediateCA.crt into a single concatenated file
  2. To get a single concatenated file out of the Intermediate CA and the SSL Certificate run the following command:
     
    cat IntermediateCA.crt >> ssl_certificate.crt


Step 4: Edit the Nginx virtual hosts file

  1. Open your Nginx virtual host file for the website you are securing.
    NOTE:  If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection.
  2. Make a copy of the existing non-secure server module and paste it below the original.

    Then add the lines in bold below:
     
    server {
    listen 443;

    ssl on;
    ssl_certificate /etc/ssl/your_SSL.crt;
    ssl_certificate_key /etc/ssl/your_domain_name.key;

    server_name your.domainname;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
    root /home/www/public_html/your.domainname/public/;
    index index.html;
    }
    }

  3. Adjust the file names to match your certificate files:

    ssl_certificate should be your concatenated file created in Step 3
    ssl_certificate_key
    should be the key file generated when you created the CSR.
     
  4. Restart Nginx. Run the following command to restart Nginx:
     
    sudo /etc/init.d/nginx restart

  5. To verify if your certificate is installed correctly, use the GeoTrust Installation Checker