How to deploy SSL certificate on nginx server

What is SSL?

SSL (short for Secure Sockets Layer) is a technology that encrypts the connection between your web server and your visitors' web browsers. To enable SSL on your website, you need to obtain an SSL certificate that identifies you and install it on the server.
After the certificate is installed, the website can be accessed securely by changing the URL from http:// to https://.
HTTPS (Hypertext Transfer Protocol Secure) is a communications protocol used on the Internet that has a layer of security added. It is a combination of the standard HTTP protocol, and a security protocol called SSL/TLS.

To successfully deploy an SSL certificate on an Nginx server, follow the steps below.

Step 1: Generate CSR and key file

The first step is to generate the private key and the certificate signing request (CSR) by running the following command in the terminal:

~ $ openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout yourdomain.com.key -out yourdomain.com.csr

This command generates the key file and the CSR file.

You will be asked a series of questions before the key and CSR files are written; answer them appropriately. The following is an example of what the prompts look like.

Generating a 2048 bit RSA private key
..........................................................++
..............................+++
writing new private key to 'yourdomain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:enter your company name
Organizational Unit Name (eg, section) []: Example Web Administration, Web Security, Marketing, IT
Common Name (eg, fully-qualified domain name (FQDN) ) []:www.yourdomain.com
Email Address []:yourdomain@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: No need to enter any password
An optional company name []: No need to enter any optional company

After this you will have two files, the CSR and the key file:

yourdomain.com.csr
yourdomain.com.key

The certificate authority will use the information contained in the CSR (Organization name, domain name (Common Name), public key, etc.) to create your certificate.

The E2E Networks sales team (sales@e2enetworks.com) can assist you in the process of ordering the certificate. Please share the CSR and key file, along with the range of SSL certificates you require for your domain.

After you buy the SSL certificate, the E2E Networks team will send you a zipped folder via email. Download it and unzip the folder. You will receive the following files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
yourdomain.com.crt

After that, build the bundle in the order given below:

cat yourdomain.com.crt > bundle.crt
cat COMODORSADomainValidationSecureServerCA.crt >> bundle.crt
cat COMODORSAAddTrustCA.crt >> bundle.crt
cat AddTrustExternalCARoot.crt >> bundle.crt

Then rsync the files below from your local machine to the server to deploy the SSL certificate:

yourdomain.com.key
bundle.crt
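
A pre-deployment check for the files produced in this step, as an added example that is not part of the original article: it confirms that a bundle holds the expected number of certificates and that its first certificate matches the private key, and shows what a '>' in place of '>>' does to the bundle. The throwaway "Demo CA", the www.example.test name and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Pre-deployment checks for the key and bundle built in Step 1.
# The private key stays on machines you control; the CSR carries only the public key.

# Number of PEM certificates in a bundle file.
bundle_cert_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Succeeds only if the FIRST certificate in the bundle (the one nginx presents
# as the server certificate) carries the public key of the given private key.
key_matches_bundle() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed demo input: a throwaway self-signed "Demo CA" and a leaf
# certificate for www.example.test stand in for the CA-issued files.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=www.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -sha256 -out "$1/leaf.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir"
chmod 600 "$demo_dir/leaf.key"                        # key readable by its owner only

cat "$demo_dir/leaf.crt" >  "$demo_dir/bundle.crt"    # server certificate first
cat "$demo_dir/ca.crt"   >> "$demo_dir/bundle.crt"    # then the issuing CA

cat "$demo_dir/leaf.crt" >  "$demo_dir/broken.crt"
cat "$demo_dir/ca.crt"   >  "$demo_dir/broken.crt"    # '>' instead of '>>' drops the leaf

for b in bundle.crt broken.crt; do
    if key_matches_bundle "$demo_dir/leaf.key" "$demo_dir/$b"; then r="matches key"
    else r="DOES NOT match key"; fi
    echo "$b: $(bundle_cert_count "$demo_dir/$b") certificate(s), first certificate $r"
done
```

Against the real files, call key_matches_bundle yourdomain.com.key bundle.crt and expect bundle_cert_count bundle.crt to report 4 for the four files listed above.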

Step 2: Configure nginx to use SSL

Now that we have the key and certificate files, we need to modify the nginx configuration file to use SSL. Your server block may look something like this:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name your_domain.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

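Copy the contents of this server block and paste the copy below it, making the following changes to the copy. This enables SSL and makes nginx listen on port 443:

server {
        # keep the root, index, server_name and location lines from the block above;
        # the two port-80 listen lines are replaced by the settings below

        # spdy needs an nginx build with SPDY support (before 1.9.5); later versions use http2
        listen 443 default_server ssl spdy;
        # redundant with the ssl parameter on listen; deprecated since nginx 1.15.0, rejected from 1.25.1
        ssl on;
        ssl_certificate /path/to/bundle.crt;                # path of bundle.crt on the server
        ssl_certificate_key /path/to/yourdomain.com.key;    # path of the key file on the server
}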

When you are finished, save and close the file.

Step 3: Test syntax

Before restarting the server, check that the syntax of the configuration file is OK. Run the following command in the terminal:

nginx -t

If the syntax is correct, you will receive the following message:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you receive an error message, fix the syntax issue before restarting the web server.

Step 4: Restart Nginx

Now, all you have to do is restart Nginx to use your new settings:

sudo service nginx restart

Check the status of nginx to be sure it has restarted properly:

sudo service nginx status

This should reload your site configuration, now allowing it to respond to both HTTP and HTTPS (SSL) requests.
