17th Feb 2020

Install SSL certificate with Nginx

Server

Written By, Hinaba Chauhan

Overview

Recently, I had installed the GoDaddy certificate with Nginx and faced a lot of issues, so just thought sharing it in a blog will be a good idea. This blog covers the steps of installing GoDaddy certificate with Nginx. First, we need to know about the Certificate Signing Request (CSR) and the private key. CSR is a special code, which contains some information like domain name, organization name, email id, etc. It is an important part of SSL certificate creation. SSL can’t work without a private key. The private key is a file that is used in encryption/decryption of data which is transferred between the server and the client.

There are two ways of generating SSL

  1. You have to generate an SSL certificate in GoDaddy and you will get CSR and private key files.
  2. Generate these CSR and private key on Nginx server and then provide this CSR file at the time of SSL generation in GoDaddy.

Generate SSL certificate, CSR and private key

Firstly, create a folder to store all SSL certificate files in /etc/nginx.

And change the SSL folder permission.

As I mentioned earlier, there should be one situation out of these two, either you create an SSL certificate first or you create CSR and private key first.

  1. If you already have an SSL certificate generated on GoDaddy.
    In this scenario, you already have an SSL certificate generated, so GoDaddy has already provided you with the CSR and Private key.
    You just need to upload these files to Nginx server.These files are in text format so convert them to .csr and .key format by just renaming and adding an extension. Also open key file and if it contains —–BEGIN PRIVATE KEY—– and —–END PRIVATE KEY—– then edit them to —–BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—–Now upload these files to Nginx server in the ssl folder. Upload local files to server.

    Above command will add files to home directory of the server,
    from there you can copy them to ssl folder.

    We need to change it to proper key format, so run the following command into ssl folder.
  2. If you do not have purchased the SSL certificate
    In this scenario we first need to generate CSR and private key on our Nginx server.

    For example,

    Here my_domain.com is my domain name.

    Now, at the time of purchasing an SSL certificate, you need to copy and paste the csr file (for example, my_domain.com.csr) certificate to send a request for SSL certificate.

    Use the following command to print the file content:

Download certificate files

You can download certificate files from GoDaddy . It will ask for server type in GoDaddy, select other for Nginx and it will give you 3 files.

For example, the filenames are 132a60b787c41556.crtgd_bundle-g2-g1.crt, 132a60b787c41556.pem

Now rename the 132a60b787c41556.crt to my_domain.com.crt and gd_bundle-g2-g1.crt to intermediate.crt

Install the certificate on Nginx server

Now, upload these 2 certificates in /etc/nginx/ssl folder

As we have intermediate certificate, we have to create chained certificate from these 2 certificates and for that use the following command

Don’t forget to change the SSL folder permissions.

Now it’s time to edit Nginx config file.

Your config file should look like block below.

Save, quit and now test nginx config file by using the following command.

Then restart the nginx server.

Finally, test it by attaching https:// to your domain

Conclusion

I hope this blog will be helpful for those who are installing an SSL certificate to Nginx for the very first time.

Written By,

MEAN stack developer at Yudiz Solutions Pvt. Ltd