How to generate an SSL Certificate Signing Request for your Nginx Web Server with OpenSSL and install your SSL Certificate on your Nginx web server.
Actually I was surprised how easy it was to install SSL certificates for Nginx on Ubuntu.
I don’t remember if it was needed or not at this point or just when I was installing self signed SSL certificates for testing but, make sure you have the ssl-cert package installed:
Then make the CSR:
This will start the process to generate two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file used to when ordering your SSL Certificate.
When you are prompted for the Common Name, which is your domain name, enter the fully qualified domain name for the site you are securing. Either www.afterdarkmike.com or afterdarkmike.com. Remember accessing the opposite of which you select via web browser will generate a miss-match domain security warning, with most browsers stopping you there.
If you are generating a Wildcard SSL Certificate for your Nginx server, make sure your common name starts with an asterisk (e.g. *.afterdarkmike.com).
Open the .csr file with a text editor (Notepad++,Notepad,etc) and copy and paste it (including the BEGIN and END tags) into your SSL order form. Save the certificate files, you will need them later.
In my case I was purchasing a Comodo SSL Certificate for a clients website we host and manage at After Dark Communications.
At the time of posting, your Comodo SSL Certificate order will be shipped via an email which will include the SSL Certificate as well as the intermediate CA bundle. Copy them both into one file, including the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header/footers and save it as commonname.crt. ex afterdarkmike.com.crt.
So your file will look like:
Now to set up Nginx.
Edit the Nginx Virtual Hosts File:
Adjust the file names to match the certificate files and restart Nginx.