How To Install RapidSSL Certificate On NGINX Server?
RapidSSL certificate is ideal for single domain security. It does not only secure online business transactions but also improves users/customers trust for data security. In this article, we would like to elaborate on the process of installation of RapidSSL on NGINX server.
Meanwhile, NGINX server is an open-source HTTP web server which is excessively known for its high performance, reliability, and stability. It allows a reverse proxy, HTTP cache as well load balancer. The benefits offered by RapidSSL and NGINX server is good for a website.
Follow through the following steps to install RapidSSL certificate on NGINX server. But before installing a certificate on NGINX server, you need a couple of things, including:
- Buy or Renew RapidSSL Certificate
- Generate CSR and Save the private key file on your server
- Apply for SSL Certificate Issuance and get zip file in email
Step by Step Guide to Install SSL Certificate on NGINX Server
Step #1 Download certificate files (*.zip)
- Once your domain is verified, RapidSSL CA will send you a *.Zip file, which will include your SSL certificate. Quickly download your zip file and extract it on your system directory.
- The zip file includes the following:
- Server certificate
- Root certificate
- Intermediate certificate
Step #2 Create new mydomain.crt & Intermediate.crt file
- Copy main certificate file in notepad/text editor and name this file with .crt extension. You should copy data starting from ‘-----BEGIN CERTIFICATE-----' to ‘-----END CERTIFICATE-----‘.
- Copy intermediate certificate file in notepad/text editor and copy data as you did for main certificate.
Step#3 Link your Server & Intermediate certificate files
- Now the next step is to combine (or Concatenate) the Server & intermediate certificate files using the following command:
cat ssl_certificate.crt IntermediateCA.crt >> certbundle.pem
- Make the extension of this new concatenated file like .pem.
Step#4 Edit your NGINX virtual host file
- First, open the NGINXvirtual-host file for the website you want to secure
- If you want to access your site via HTTPS and HTTP (non-secure) both then you should have a server module for each type of connection.
- Create a copy of the existing non-secure server module and paste it below the original before you add below bold lines.
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_SSL.crt;
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domainname/public/;
index index.html;
}
}
Please note the following:
- The above code is the certbundle.pem file that was first created in Step# 3.
- The ssl_certificate_key in the above code is the certificate key file that you first received while generating the CSR
The above points are worthy to note in order to add the correct file name and path during the whole process.
Step#5 Restart NGINX
- Restart your NGINX server using the following piece of code:
sudo /etc/init.d/nginx restart
Finally, you have installed SSL Certificate on NGINX server. To view the certificate and check whether it is working properly or not, you can visit the website in your browser at https://yourdomain.tld. You can check in SSL checker that will give insight of your SSL certificate like issuer, valid date, domain name, key size, other details. Don’t forget to restart your server to make sure that the changes take effect.