How to install a ssl certificate on nginx
How to install a ssl certificate on nginx
This is really a hassle when using nginx with https and your certificates uses bundle CA files (certificate authority).
The only directives that you’re given when installing the certificate is:
1 2 3 4 5 6 7 8 |
server { listen 443; server_name domain.com; ssl on; ssl_certificate /your/ssl/folder/domain_certificate.crt; ssl_certificate_key /your/ssl/folder/domain_certificate.key; ... } |
So as you can see, you only have those two directives, but nowadays certificates are soled cheap from a reseller which is using a bundle file for authorizing the certificate chain.
Not all users know that while this is confusing, it’s not really a problem.
Let’s say we have the bundle file named bundle_ca.crt which contains the CA certificate for your domain_certificate.crt . To be able to use the certificate, you need to combine these two certificates into a single one, by appending the CA file to the bottom of your domain_certificate.crt.
It is important that your domain_certificate.crt remains at the top of the certificate file!
To append or combine the two certificate, from command line you need to do:
1 |
cat domain_certificate.crt bundle_ca.crt > domain_certificate_combined.crt |
This will create for you domain_certificate_combined.crt which now can be used on your nginx virtualhost configuration:
1 2 3 4 5 6 7 8 |
server { listen 443; server_name domain.com; ssl on; ssl_certificate /your/ssl/folder/domain_certificate_combined.crt; ssl_certificate_key /your/ssl/folder/domain_certificate.key; ... } |
That’s about it, then you can restart, reload or start nginx and you’re done.
1 |
/etc/init.d/nginx reload |