Installing SSL Certificates for Nginx on Ubuntu

DZone 's Guide to

Installing SSL Certificates for Nginx on Ubuntu

In this post, we provide a quick tutorial on a key aspect of web and network security: how to install SSL certificates to your server.

· Security Zone ·
Free Resource

Purchasing an SSL certificate requires creating a Certificate Signing Request (CSR) which you can do on your host using the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

When you purchase your certificate from your vendor, you'll provide the text content from your CSR file. Once you have the certificate files (normally a .crt and a .key file), transfer them to your server, and place them somewhere like /etc/ssl-certs/.

In your /etc/nginx/nginx.conf (or /etc/nginx/sites-enabled/default), add to the server { } block:

server {
listen 443 ssl;
ssl on;
ssl_certificate     /etc/ssl-certs/yourdomain_com.crt;
ssl_certificate_key /etc/ssl-certs/yourdomain.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;

  # rest of server config

Restart Nginx with:

sudo service nginx restart

This is documented in the Nginx docs here.

network security, security, ssl/tls, web security

Published at DZone with permission of Kevin Hooke , DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}