1. Exchange a Certificate Signing Request for certificate files
openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out my.csr
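Then submit the my.csr file to your CA, which will return the certificate files.
* private.key stays on your server and is not sent to the CA. The server uses it for the private-key operation (decryption or signing, depending on the cipher suite) during SSL/TLS session establishment with a client. Because -nodes writes the key unencrypted, restrict read access to it.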
2. Combine all the certificate files into a single certificate chain file
Nginx expects the server certificate and the CA bundle in a single file, with the server certificate first; other servers may accept them as separate files.
cat my_server.crt my_server.ca-bundle > cert_chain.crt
vi cert_chain.crt # make sure there is a newline between "END CERTIFICATE" and the next "BEGIN CERTIFICATE"
3. Configure Nginx with the files
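server {
    listen 80;
    listen 443 ssl;
    server_name my-server.com;

    # force https-redirects: plain-HTTP requests get a permanent redirect
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # server certificate followed by the CA bundle (from step 2)
    ssl_certificate /path/to/your/cert_chain.crt;
    # private key generated together with the CSR (from step 1)
    ssl_certificate_key /path/to/your/private.key;
}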
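
The checks below are an added example, not part of the original page: they confirm that cert_chain.crt from step 2 has every certificate boundary on its own line and that private.key from step 1 matches the first certificate in the chain. The function names are made up for this example, and it assumes the openssl command-line tool is installed.

```sh
#!/bin/sh
# Added example: pre-flight checks for the files referenced in the server block.
# Function names are illustrative; requires the openssl command-line tool.

# Succeeds only if the chain has at least one certificate, equal numbers of
# BEGIN and END lines, and nothing following an END marker on the same line
# (the "-----END CERTIFICATE----------BEGIN CERTIFICATE-----" fusion that
# `cat` produces when a file lacks a trailing newline).
chain_is_well_formed() {
    # tr strips CR so CRLF files are judged the same as LF files.
    begins=$(tr -d '\r' < "$1" | grep -c -x -e '-----BEGIN CERTIFICATE-----' || true)
    ends=$(tr -d '\r' < "$1" | grep -c -x -e '-----END CERTIFICATE-----' || true)
    fused=$(tr -d '\r' < "$1" | grep -c -e '-----END CERTIFICATE-----.' || true)
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ] && [ "$fused" -eq 0 ]
}

# Succeeds only if the public key derived from the private key equals the
# public key in the FIRST certificate of the chain file (openssl x509 reads
# only the first PEM block, which must be the server certificate).
key_matches_leaf() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Usage: check_tls_files /path/to/your/private.key /path/to/your/cert_chain.crt
check_tls_files() {
    if ! chain_is_well_formed "$2"; then
        echo "FAIL: $2 has missing, unbalanced or fused PEM boundaries" >&2
        return 1
    fi
    if ! key_matches_leaf "$1" "$2"; then
        echo "FAIL: $1 does not match the first certificate in $2" >&2
        return 1
    fi
    echo "OK: chain is well formed and the key matches the server certificate"
}
```

Run check_tls_files before `nginx -t` and a reload, so a fused chain file or a mismatched key is caught before Nginx reads the files.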