Configure a site with SSL on an Nginx server

This post describes how to setup a server block on nginx with a Thawte SSL123 certificate.

This how to can of course also be used with other SSL vendors (comodo, digicert, …) but you’ll have to change some steps of course 🙂

First, we’ll start with the certificate request.

To create your request, use the openssl command:

And follow the SSL csr generation process:

Now, if you look inside of your CSR files, you’ll see something like

Now it’s time to go and buy your certificate at your favorite SSL reseller…

Be sure to have a mailbox to be able to send your certificate approval email to (mainly this is: admin@securedomain.com or webmaster@, hostmaster@, administrator@,…)

Once you have received your SSL Certificate from Thawte, create a new file and paste in the certificate.

So paste it inside of www.securedomain.com.crt

Thawte has upgraded their root hierarchy to 2048bit RSA Keys (more information),  so you need the Intermediate CA to support old web browsers. For the nginx web server you can download the file from Thawte here by:

One you have this file, echo the contents and paste it at the end of your crt file.

Now enable SSL in your nginx server block by:

In my example, your site will listen to both Port 80 and 443 (SSL), you can of course redirect http to https by adding this in your nginx server block config:

 

Leave a Reply

Your email address will not be published. Required fields are marked *