Enable https for your nginx-hosted website with a CA-signed certificate

1. Exchange a Certificate Signing Request for certificate files

openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out my.csr

Then submit my.csr file to your CA. You will then get certificate files from it.  

* The private.key will be used for decryption during SSL/TLS session establishment between a server and a client.

2. Combine all the certificate files into a single certificate chain file

Nginx requires a single certificate file, while other servers may not.

     cat my_server.crt my_server.ca-bundle > cert_chain.crt
     vi cert_chain.crt   # to make sure there is a new line between “end certificate” and next “begin certificate"

3. Configure Nginx with the files

    server {
    	listen 80;
    	listen 443 ssl;
    	# force https-redirects
    	if ($scheme = http) {
        	return 301 https://$server_name$request_uri;
	server_name my-server.com;
    	ssl_certificate    /path/to/your/cert_chain.crt ;
    	ssl_certificate_key /path/to/your/private.key;


Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.