Install SSL Certificate NGINX Server
Download and unzip your certificate files
Download and unzip your certificate files in NGINX format by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. You will find one .crt file that contains your domain SSL server certificate stacked on top of the required CA intermediate chain pre-bundled for you.
-
your_domain_com.crt
Copy these files, along with the private key file you created when generating the CSR, to the NGINX /etc/ssl
directory.
Update your NGINX Configuration File
Locate your NGINX configuration file and enter the full path to your your_domain_com.crt
SSL server certificate and private key files.
worker_processes 1;
http {
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/your_domain_com.crt;
ssl_certificate_key /usr/local/nginx/conf/private.key;
keepalive_timeout 70;
}
}
Since NGINX version 0.7.14 the preferred way of enabling SSL is by using the ssl
parameter of the listen
directive:
server {
listen 443 default ssl;
ssl_certificate /usr/local/nginx/conf/your_domain_com.crt;
ssl_certificate_key /usr/local/nginx/conf/private.key;
...
}
Test your NGINX configuration
After making changes to your config file it is good practice to check the file for syntax errors before restarting NGNIX. The following command will determine if there are errors.
~$ sudo nginx -t -c /etc/nginx/nginx.conf
Restart NGINX web server
The new configuration changes require server restart. Use the following command to restart your NGINX server.
~$ sudo /etc/init.d/nginx restart
Verify Installation
- To verify if your certificate is installed correctly, use our Certificate Installation Checker.
- Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.
- Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
Additional Resources
- Official NGINX website
- Setting up an NGINX HTTPS Server
- NGINX certificate chains
- Setting up NGINX to use or Server Name Indication (SNI)