INSTALL CERTIFICATE – NGINX 

 

To install a certificate in Nginx, a 'Certificate Bundle' must be created. To accomplish this, each certificate (SSL Cert, Intermediate Cert, and Root Cert) must be in the PEM format.

1.  Open each certificate in a plain text editor.

2. Create a new document in a plain text editor.

3. Copy and paste the contents of each certificate into the new file.

The order should be:

  • Your GlobalSign SSL Certificate
  • GlobalSign Intermediate Certificate
  • GlobalSign Root Certificate
  • Your completed file should be in this format:

—–BEGIN CERTIFICATE—–
#Your GlobalSign SSL Certificate#
—–END CERTIFICATE—–

—–BEGIN CERTIFICATE—–
#GlobalSign Intermediate Certificate#
—–END CERTIFICATE—–

 

—–BEGIN CERTIFICATE—–
#GlobalSign Root Certificate#
—–END CERTIFICATE—–

4. Save this 'Certificate Bundle' as a .crt

5. Upload the Certificate Bundle & private key to a directory on the Nginx server.

6. Edit the Nginx virtual hosts file.

7. Open the Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection.

8. Make a copy of the existing non-secure server module and paste it below the original.

9. Add the lines shown below:

server{ listen 443; ssl on; ssl_certificate /etc/ssl/your_domain.crt; ssl_certificate_key /etc/ssl/your_domain.key; server_name your.domain.com; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { root /home/www/public_html/your.domain.com/public/; index index.html; } 

Note: Make sure you adjust the file names to match your certificate files:

  • ssl_certificate should be your primary certificate combined with the root & intermediate certificate bundle that you made in the previous step (e.g. your_domain.crt).
  • ssl_certificate_key should be the key file generated when you created the CSR.
  • Restart Nginx:

sudo /etc/init.d/nginx restart

Last updated: July 25, 2017