SSL setup in Nginx

Vikas Kohli
May 6, 2019

Purchase an SSL certificate from an SSL store such as https://comodosslstore.com/

1: Generate a CSR file for the server with the following command.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Example: openssl req -new -newkey rsa:2048 -nodes -keyout abc.key -out abc.csr (here abc is my domain)

It will ask you for the following details:
Generating a 2048 bit RSA private key
..+++
…………………………………………………………+++
writing the new private key to ‘abc.key’
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter ‘.’, the field will be left blank.
1. Country Name (2 letter code) [AU]:
2. State or Province Name (full name) [Some-State]:
3. Locality Name (eg, city) []:
4. Organization Name (eg, company) [Internet Widgits Pty Ltd]:
5. Organizational Unit Name (eg, section) []:
6. Common Name (e.g. server FQDN or YOUR name) []:

If you purchased a wildcard SSL certificate, enter the common name as *.yourdomain

Example: *.abc.com
7. Email Address []:
Please enter the following ‘extra’ attributes
to be sent with your certificate request
8. A challenge password []:
9. An optional company name []:

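It will generate two files, abc.csr and abc.key. Because of the -nodes option, abc.key is written unencrypted, so keep it private; only the CSR goes to the store.

2. Open abc.csr and paste its contents into the CSR field of the store where you are purchasing the certificate.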

Then after continuing and checking the boxes in comodosslstore, you’ll finally get the message that your order is complete

It says Thank You

3. You’ll get an email at the address that you provided while generating the CSR.

Open that mail; it will contain something like this:

To permit the issuance of the certificate please browse here -> click to open that link
and enter the following “validation code”:

4. Copy the validation code and paste it into the field on the page that the link opens.

After successful validation, it says

Thank you

You have entered the correct Domain Control Validation code. Your certificate will now be issued and emailed to you shortly. Please close this window now.

5. Then go to My Orders in comodosslstore, open the order ID and download the certificate.

You’ll get the zip file with the following folders

CER — CRT Files, PKCS7 File, Plain Text Files

and two files: Choosing the Right Files to Install.txt and ! PRIVATE KEY INFO !.txt

6. Open the “CER — CRT Files” Folder, you’ll find 5 files.

7. Open the terminal and concatenate all the files into a single file

sudo cat STAR_your_file_name.crt remaining 4 files > ssl-bundle.crt

If you are on Windows, use

type STAR_domain.crt remaining four files > ssl-bundle.crt

Also, please use the following order when concatenating:

type STAR_domain_filenm.crt SectigoRSADomainValidationSecureServerCA.crt My_CA_Bundle.ca-bundle AAACertificateServices.crt USERTrustRSAAAACA.crt > ssl-bundle.crt

Make sure to use this same order. Nginx checks the private key against the first certificate in the file, so the domain certificate must come first; otherwise Nginx throws an error like

SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)

Copy both files, ssl-bundle.crt and abc.key, to the server.

8. Make an ssl folder, /etc/nginx/ssl, and copy the above two files into it.

9. Open the site configuration with sudo nano /etc/nginx/sites-available/default

First, I comment out port 80 and enable port 443 for SSL:
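server {
    # "ssl on;" is dropped here: the ssl parameter on the listen lines below
    # enables TLS, and the standalone directive is obsolete since nginx 1.15.0.
    ssl_certificate_key /etc/nginx/ssl/abc.key;     # private key from step 1
    ssl_certificate /etc/nginx/ssl/ssl-bundle.crt;  # bundle from step 7

    #listen 80;
    #listen [::]:80;

    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

}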

Now open the HTTP port and redirect to HTTPS:
server {
    listen 80;

    server_name abc.com;
    return 301 https://abc.com$request_uri;
}

If you are generating the CSR files on your own system, you can also copy the files from your system to the server without needing FileZilla or any other application.

sudo scp -r -i pemfile ssl/ ubuntu@ip:/home/ubuntu (Copy all files to server)
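
Before reloading Nginx, the bundle from step 7 can be checked against the key. The script below is an added example, not part of the original post: it compares the public key of the first certificate in the bundle with the private key (the pairing behind the key values mismatch error) and also catches PEM markers glued together by cat. The function names, return codes and the throwaway site.example / ca.example certificates are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for ssl-bundle.crt.
# Return codes (this script's own convention): 0 ok, 1 key does not match the
# first certificate, 2 unreadable input, 3 PEM markers glued together by cat.

check_bundle() {
    cb_bundle=$1; cb_key=$2
    # A file with no trailing newline makes cat join the END and BEGIN markers
    # on one line, which OpenSSL and Nginx cannot parse.
    if grep -q -- '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' \
            "$cb_bundle" 2>/dev/null; then
        echo "glued PEM markers in $cb_bundle" >&2
        return 3
    fi
    # openssl x509 reads only the FIRST certificate in the file, the one
    # Nginx pairs with ssl_certificate_key.
    cb_cert_pub=$(openssl x509 -in "$cb_bundle" -noout -pubkey 2>/dev/null) || return 2
    cb_key_pub=$(openssl pkey -in "$cb_key" -pubout 2>/dev/null) || return 2
    [ -n "$cb_cert_pub" ] || return 2
    if [ "$cb_cert_pub" != "$cb_key_pub" ]; then
        echo "first certificate in $cb_bundle does not belong to $cb_key" >&2
        return 1
    fi
    cb_count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cb_bundle")
    echo "ok: $cb_count certificate(s), key matches the first one"
}

# Constructed sample data: two throwaway self-signed certificates standing in
# for the domain certificate (site.*) and a CA certificate (ca.*).
make_demo_files() {
    for md_name in site ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$md_name.example" \
            -keyout "$1/$md_name.key" -out "$1/$md_name.crt" 2>/dev/null || return 1
    done
    cat "$1/site.crt" "$1/ca.crt" > "$1/good-bundle.crt"   # domain cert first
    cat "$1/ca.crt" "$1/site.crt" > "$1/bad-bundle.crt"    # wrong order
}

# Usage: sh check-bundle.sh ssl-bundle.crt abc.key
if [ "$#" -eq 2 ]; then check_bundle "$1" "$2"; fi
```

A non-zero return means the bundle should be rebuilt before it is copied to /etc/nginx/ssl.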
