SSL Store Loading

SSL Certificate Installation Guideline for Nginx

A Complete Guideline to Install SSL Certificate on Nginx

At The SSL Store™, we have devised a step-by-step procedure on how to install an SSL certificate on Nginx server. If you still need to generate your Certificate Signing Request (CSR) please see our page dedicated to CSR generation.

SSL Installation Guide for Nginx

If you have already received a your_domian_name.pem,please skip directly to Step 4. Otherwise begin with Step 1.

Step 1 – Download all the necessary certificate files (your Server Certificate and the Intermediates) via your user account or from the email provided by your CA. Your server certificate will have a file name matching your order number or domain name. The Intermediate Certificates may be named CABundle.crt.

Step 2 – Copy these certificates to your server's directory, where you intend to store your certificate and key files. Please include the .key file generated during CSR-generation. For increasing the security, you can make them readable by root-only.

Step 3 – If its required to combine your certificates to one file, you can usually do this on your server cia the "cat" command. Proceed by running the following command to concatenate the 'Primary' and 'Intermediate' certificate files into single pem file:

cat your_domain_name.crt DigiCertCA.crt >> bundle.crt

Step 4 – For the website you are securing, open your Nginx virtual host file.

If you want your website to be accessible via secure (https) and non - secure (http) you will need a server module for each type of connection.

Step 5 – Now, copy the existing non-secure server module and paste it below the original then add the lines highlighted in bold from the comment given below:



listen 443;

ssl on;
ssl_certificate /etc/ssl/your_domain_name.crt; (or .pem)
ssl_certificate_key /etc/ssl/your_domain_name.key;

access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/; index index.html;

In the above comment,
ssl_certificate is your primary certificate, which is combined with the intermediate certificate, created in the previous step
ssl_certificate_key is the private key generated during the CSR generation.

Step 6 – This brings us to the end of the procedure, where you only need to restart the Nginx web-server by running the following command:

sudo /etc/init.d/nginx restart


Normally the servers instantly start using the newly installed SSL certificate, without restarting. However, you can always verify if the SSL certificate has been installed successfully by using our SSL Tools.

When testing an SSL certificate it is best to use a URL browser other than Internet Explorer. This is recommended by experts because, unlike other web browsers, Internet Explorer is able to verify your website with or without an intermediate certificate. If you receive warnings about your site not being trusted, from other URL browsers then you need to install an intermediate certificate

Please review the above Step 3.

World's Leading Provider of Website Security Solutions