How do I install an SSL Certificate into Nginx? (2024)

Solution

The HttpSslModule supports SSL certificates in Nginx although it is not enabled by default. This guide explains how to configure it for use.

Part I - Preparing Your SSL Certificate

Installing a certificate in Nginx is similar to installing one in Apache; however, the intermediate and root certificates in the chain are not specified separately as they are in Apache. In order to successfully install your SSL certificate, you must create a 'bundle file' that contains your SSL certificate, the intermediate certificate and the root certificate in one file. Part I of this document explains how to create this 'bundle file' in the correct order.

  1. First you must obtain your certificate in PEM format. By default, QuoVadis issues certificates in this format. You must convert this file if you have your SSL certificate in a different format.

     Note: QuoVadis provides a conversion tool at https://pkiwidgets.quovadisglobal.com/pkiwidgets/convertCert.aspx.

  2. You must now create a 'bundle file' that contains the certificates in the following order:

    -----BEGIN CERTIFICATE-----
    <The contents of your SSL certificate>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <The contents of the QuoVadis Global SSL ICA G2>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <The contents of the QuoVadis Root CA 2>
    -----END CERTIFICATE-----

  3. In order to obtain the contents of your SSL certificate, you will have to open your SSL certificate in a simple text editor.

  4. Once your certificate is opened in a text editor, copy all of the text, including the 'BEGIN' and 'END' lines as shown in the example above.

  5. Open a new text document using your simple text editor and paste in your SSL certificate you have just copied.

  6. You will need to insert the PEM formatted contents of the QuoVadis Global SSL ICA G2 certificate and the PEM formatted contents of the QuoVadis Root CA 2 certificate below your SSL certificate contents as shown in the example. You can obtain these from http://www.quovadisglobal.com/QVRepository/DownloadRootsAndCRL/QuoVadisGlobalSSLICAG2-PEM.aspx and http://www.quovadisglobal.com/en-GB/QVRepository/DownloadRootsAndCRL/QuoVadisRootCA2-PEM.aspx respectively.

  7. Once you have done this, you must save the 'bundle file' with a *.crt file extension.

  8. Upload this file along with your private key to a directory on the Nginx server. In most cases the certificate and private key are uploaded to the /usr/local/nginx/conf/ folder.

     Note: For your convenience, you can obtain the 'bundle file' with the QuoVadis Global SSL ICA G2 and the QuoVadis Root CA 2 certificate already created from here. You will need to add in your SSL certificate contents to this file.
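A pre-deployment check for the bundle file built in Part I, added here as an example and not part of the original guide: it confirms that the certificates are in leaf, intermediate, root order and that the private key belongs to the first certificate. The function names are hypothetical; the script assumes the openssl command-line tool, awk, and an unencrypted private key.

```sh
# Added example: sanity-check an Nginx certificate bundle before uploading it.

# Split a PEM bundle into DIR/cert-1.pem, DIR/cert-2.pem, ... and print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Return 0 if each certificate's issuer name matches the subject name of the
# certificate that follows it (your certificate, then intermediate, then root).
# This compares names only; it does not verify signatures or expiry.
check_bundle_order() (
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    count=$(split_bundle "$1" "$tmp")
    if [ "${count:-0}" -lt 2 ]; then
        echo "expected certificate plus chain, found ${count:-0} certificate(s)" >&2
        exit 1
    fi
    i=1
    while [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$tmp/cert-$next.pem" -noout -subject_hash)
        if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $next" >&2
            exit 1
        fi
        i=$next
    done
)

# Return 0 if the private key ($2) matches the first certificate in the bundle ($1).
# openssl x509 reads only the first certificate in a multi-certificate file.
key_matches_bundle() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)
```

Run `check_bundle_order certificate_bundle.crt && key_matches_bundle certificate_bundle.crt your_private_key.key` before copying the files to the server; a non-zero exit status means the bundle or key should be rebuilt.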

Part II - Installing Your SSL Certificate

You must ensure that Nginx is built with the HttpSslModule. You can do this by passing the --with-http_ssl_module parameter to ./configure.
Note: Building this module requires the OpenSSL library and the respective include files.

  1. Open the Nginx configuration file and include the following in it:

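    server {
        server_name your_domain_name;
        # "ssl on;" was deprecated in Nginx 1.15.0 and removed in 1.25.1;
        # enable TLS with the ssl parameter of listen instead.
        listen 443 ssl;
        # Bundle file from Part I: your certificate, then intermediate, then root.
        ssl_certificate /usr/local/nginx/conf/certificate_bundle.crt;
        ssl_certificate_key /usr/local/nginx/conf/your_private_key.key;
    }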

     Note: The placeholder values in the syntax above (the server name and the two file paths) will have to be edited to match your personal configuration.

  2. You must set the path in the ssl_certificate directive to where the 'bundle file' that was created in Part I is located. You must also set the path in the ssl_certificate_key directive to where your private key file is.

     Tip: To reduce CPU load, the wiki at Nginx recommends that you run one worker process only and enable keep-alive connections by using the keepalive_timeout n; syntax, where n is a number.

  3. Once you have done this, save the Nginx configuration.

  4. You must now restart Nginx.

OCSP Stapling Support

Although optional, it is highly recommended to enable OCSP Stapling, which will improve the SSL handshake speed of your website. Nginx has supported OCSP Stapling since version 1.3.7.

In order to use OCSP Stapling in Nginx, you must set the following in your configuration:

    ## OCSP Stapling
    resolver 127.0.0.1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate <file>;

Where <file> is the location and filename of the certificate installed.

Note: For ssl_stapling_verify and ssl_stapling to work, you must ensure that all necessary intermediates and root certificates are installed.
Note: The resolver name may change based on your environment.

You can read more about OCSP Stapling at https://support.quovadisglobal.com/KB/a415/what-is-ocsp-stapling.aspx.

Article information

Author: Annamae Dooley
