Step-By-Step Procedure To Install SSL/TLS Certificate On Nginx Web Server!

If your website is served over unsecured HTTP by an Nginx web server and you want visitors to reach it over a secured HTTPS channel, follow this procedure to install an SSL/TLS certificate on the Nginx web server.

How To Install SSL/TLS Certificate On Nginx Web Server?

The procedure requires a website running on a web server such as Apache or Nginx, and an SSL/TLS certificate with its private key to enable HTTPS on your website. In this demonstration, we cover everything from creating a website to configuring it with an SSL/TLS certificate. The whole process consists of these four steps. However, you can skip the first two steps if you already have a site hosted on the Nginx web server and an SSL/TLS certificate with its private key.

  1. Set up your own web site on Nginx web server.
  2. Submit the CSR to a Certificate Authority and download the certificate with its private key.
  3. Configure Nginx configuration file with the SSL/TLS certificate and private key.
  4. Restart the Nginx services.

Time needed: 30 minutes.

Install SSL/TLS Certificate on Nginx Web Server!

  1. Set up a website on Nginx


    In this section, we will install the Nginx web server on Linux Mint and create a website, ‘exampledomain.com’. If you already have a site running on Nginx, you can skip this section.

    #1. Install Nginx on Linux
    $ sudo apt-get install nginx

    #2. Check the Status
    $ sudo systemctl status nginx

    #3. Start Nginx if not started
    $ sudo systemctl start nginx

    #4. Allow both HTTP and HTTPS on the UFW firewall
    $ sudo ufw allow 'Nginx Full'

    #5. Configure a Server Block on Nginx
    You will often need to host multiple sites/domains on a single web server. Most modern web servers accomplish this via virtual hosts. In Nginx, virtual hosts are called server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for an example site.

    #5.1. Create a directory for your site under /var/www/.
    $ sudo mkdir -p /var/www/exampledomain.com/html

    #5.2. Set the permission and ownership
    $ sudo chown $USER:$USER /var/www/exampledomain.com
    $ sudo chmod 755 /var/www/exampledomain.com


    #5.3. Create an index.html file for the test site using nano editor
    $ sudo nano /var/www/exampledomain.com/html/index.html

    #5.4. Create the server block configuration file
    $ sudo nano /etc/nginx/sites-available/exampledomain.com

    #5.5. Create symbolic link of the configuration file
    $ sudo ln -s /etc/nginx/sites-available/exampledomain.com /etc/nginx/sites-enabled

    #6. Restart the Nginx Service
    $ sudo systemctl restart nginx

    #7. Add the host file entry. Edit the file /etc/hosts in nano editor
    $ sudo nano /etc/hosts

    #8. Add the below line right below the localhost entry
    127.0.1.1 exampledomain.com www.exampledomain.com

    This is how you can create a website on Nginx.


  2. Create a CSR, submit the CSR to a Certificate Authority, and download the certificate with its private key.

    A Certificate Signing Request (CSR) is the first step to getting a certificate for your website.

    #1. Create a CSR for the site with a private key. This command will create two files exampledomain.com.csr and exampledomain.com.key.
    $ openssl req -new -newkey rsa:2048 -nodes -keyout exampledomain.com.key -out exampledomain.com.csr

    #2. Submit the content of the CSR to your internal or public Certificate Authority to sign the certificate. Once the CA issues the certificate, download it to the /etc/nginx/ssl/exampledomain.com/ directory on your Nginx server.

    #3. Copy the exampledomain.com.key to /etc/nginx/ssl/exampledomain.com/ directory.

    Note: You can skip this step if you have the certificate for your site.


  3. Configure the Nginx configuration file with the SSL/TLS certificate and private key.

    This is where you link the certificate to your website. Edit the Nginx config file and point it to the certificate and its private key.

    $ sudo nano /etc/nginx/sites-available/exampledomain.com

    server {
        listen 80;
        listen 443 ssl;

        root /var/www/exampledomain.com/html;
        index index.html index.htm index.nginx.debian.html;

        server_name exampledomain.com www.exampledomain.com;
        ssl_certificate /etc/nginx/ssl/exampledomain.com/exampledomain.com.crt;
        ssl_certificate_key /etc/nginx/ssl/exampledomain.com/exampledomain.com.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        # ssl_ciphers takes an OpenSSL cipher string and applies to TLS 1.2.
        # The TLS 1.3 suites (TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256,
        # TLS_AES_128_GCM_SHA256) are enabled by OpenSSL by default and are not
        # selected through this directive.
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            try_files $uri $uri/ =404;
        }
    }



  4. Restart the Nginx services.

    Restart the Nginx service using this command.

    $ sudo systemctl restart nginx

    Test the Nginx configuration.

    $ sudo nginx -t

    If you see a success message, you can access the site over the secure HTTPS channel.




This is how you can install SSL/TLS certificate on the Nginx web server and enable HTTPS communication on your website.
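A pre-flight check for the files placed in /etc/nginx/ssl/exampledomain.com/ in steps 2 and 3, written as an added example that is not part of the original procedure: it confirms that the private key belongs to the issued certificate, that the key file is not readable by other users, that the certificate has not expired, and that it covers every name in server_name. The function names are hypothetical, the 400/600 key mode is an assumed policy the page does not state, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example: checks on a certificate/key pair before Nginx is restarted.
# Function names are hypothetical; requires openssl and GNU stat (Linux).

# The key belongs to the certificate only if both yield the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Assumed policy: the key file is readable by its owner only (mode 400 or 600).
key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in 400|600) return 0 ;; *) return 1 ;; esac
}

# -checkend 0 exits non-zero when the certificate has already expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# True when the certificate is valid for the given server_name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# usage: preflight CERT KEY HOST...
preflight() {
    cert=$1; key=$2; shift 2; rc=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_perms_ok "$key" || { echo "FAIL: key mode is not 400/600"; rc=1; }
    cert_not_expired "$cert" || { echo "FAIL: certificate has expired"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$cert" "$host" || { echo "FAIL: certificate does not cover $host"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when called with arguments, e.g.:
#   sh preflight.sh site.crt site.key exampledomain.com www.exampledomain.com
if [ "$#" -ge 3 ]; then
    preflight "$@"
fi
```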

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
