How to install a ssl certificate on nginx
How to install a ssl certificate on nginx
This is really a hassle when using nginx with https and your certificates uses bundle CA files (certificate authority).
The only directives that you’re given when installing the certificate is:
server {
listen 443;
server_name domain.com;
ssl on;
ssl_certificate /your/ssl/folder/domain_certificate.crt;
ssl_certificate_key /your/ssl/folder/domain_certificate.key;
...
} |
So as you can see, you only have those two directives, but nowadays certificates are soled cheap from a reseller which is using a bundle file for authorizing the certificate chain.
Not all users know that while this is confusing, it’s not really a problem.
Let’s say we have the bundle file named bundle_ca.crt which contains the CA certificate for your domain_certificate.crt . To be able to use the certificate, you need to combine these two certificates into a single one, by appending the CA file to the bottom of your domain_certificate.crt.
It is important that your domain_certificate.crt remains at the top of the certificate file!
To append or combine the two certificate, from command line you need to do:
cat domain_certificate.crt bundle_ca.crt > domain_certificate_combined.crt |
This will create for you domain_certificate_combined.crt which now can be used on your nginx virtualhost configuration:
server {
listen 443;
server_name domain.com;
ssl on;
ssl_certificate /your/ssl/folder/domain_certificate_combined.crt;
ssl_certificate_key /your/ssl/folder/domain_certificate.key;
...
} |
That’s about it, then you can restart, reload or start nginx and you’re done.
/etc/init.d/nginx reload |
