SSL Certificate Installation for Nginx Server

Solution ID:    SO17482
Version:    10.0
Published:    08/19/2009
Updated:    04/10/2014

Solution

This document provides instructions for installing an SSL certificate on an Nginx server. If you are unable to use these instructions for your server, GeoTrust recommends that you contact the server vendor or the organization that supports Nginx.

Step 1: Obtain the GeoTrust Certificate

  1. The GeoTrust certificate will be sent by email.
  2. Copy the certificate embedded in the body of the email and paste it into a text file using Vi or Notepad.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

    [encoded data]

    -----END CERTIFICATE-----

    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

    NOTE: The certificate can also be downloaded by following one of the solutions below.

    Select X.509 as the certificate format and copy only the End Entity Certificate.

    • GeoTrust Security Center, refer to solution SO22158
    • GeoTrust Enterprise Security Center, refer to solution SO21128
    • GeoTrust User Portal, refer to solution SO15168

  3. To follow the naming convention for Nginx, rename the certificate file so that it has the .crt extension.
    For example: SSL.crt


Step 2: Download the GeoTrust Intermediate CA Bundle

  1. Download the Intermediate CA certificate from this link: AR1421
  2. Under Bundled Intermediate (PEM) column, download the Intermediate CA Bundle based on your SSL certificate product.
  3. Copy the contents of the file and paste them into a text file using Notepad.
  4. Save the file as intermediate.crt


Step 3: Concatenate the SSL and Intermediate CA Bundle Certificate

  1. Combine the SSL.crt file and the intermediate.crt file into a single .pem file.
  2. To get a single .pem file out of the Intermediate CA Bundle and the SSL Certificate, run the following command:

    cat intermediate.crt >> SSL.crt
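
The append in Step 3 fails quietly in two ways: if SSL.crt lacks a final newline its END line fuses with the next BEGIN line, and running the command twice appends the bundle twice. The script below is an added example, not part of GeoTrust's instructions; it writes the chain to a separate file (chain.pem, an assumed name), server certificate first, and applies the delimiter checks from Step 1 before keeping the result.

```sh
#!/bin/sh
# Added example, not GeoTrust's script. SSL.crt and intermediate.crt are the
# page's file names; chain.pem is an assumed name for the combined output.

# count_pem_certs FILE
# Prints how many certificate blocks FILE holds. Returns non-zero when a
# delimiter is not exactly five dashes each side, when a line carries
# whitespace or other stray characters, or when BEGIN/END are unbalanced.
count_pem_certs() {
    awk '
        $0 ~ "[^A-Za-z0-9+/=]" {           # anything that is not base64 text
            if ($0 == "-----BEGIN CERTIFICATE-----" && !inside) { inside = 1; next }
            if ($0 == "-----END CERTIFICATE-----" && inside) { inside = 0; n++; next }
            bad = 1
        }
        !inside && length($0) > 0 { bad = 1 }   # text outside a block
        END { if (bad || inside || n == 0) exit 1; print n }
    ' "$1"
}

# build_chain LEAF INTERMEDIATE OUT
# Writes LEAF followed by INTERMEDIATE to OUT without touching the inputs.
# tr removes the carriage returns Notepad adds; "awk 1" terminates the last
# line, so a missing final newline cannot fuse two delimiter lines.
build_chain() {
    leaf=$1; inter=$2; out=$3
    tmp="$out.tmp.$$"
    { tr -d '\r' < "$leaf" | awk 1; tr -d '\r' < "$inter" | awk 1; } > "$tmp"
    # Keep the result only if it parses and holds at least two certificates.
    n=$(count_pem_certs "$tmp") && [ "$n" -ge 2 ] && mv "$tmp" "$out" && return 0
    rm -f "$tmp"
    return 1
}

# Usage: sh build_chain.sh SSL.crt intermediate.crt chain.pem
if [ "$#" -eq 3 ]; then build_chain "$@"; fi
```

If you use this script, point ssl_certificate in Step 4 at chain.pem rather than SSL.crt.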


Step 4: Edit the Nginx virtual hosts file

  1. Open your Nginx virtual host file for the website you are securing.
    NOTE:  If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection.
  2. Make a copy of the existing non-secure server module and paste it below the original.

    Then add the SSL-related lines shown below (the listen 443, ssl on, ssl_certificate and ssl_certificate_key directives):

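    server {
        listen 443;

        # "ssl on;" is deprecated since nginx 1.15.0; on newer versions
        # use "listen 443 ssl;" instead.
        ssl on;
        # Combined file from Step 3: server certificate first, then intermediates.
        ssl_certificate /etc/ssl/your_SSL.crt;
        # Private key generated together with the CSR.
        ssl_certificate_key /etc/ssl/your_domain_name.key;

        server_name your.domain.com;
        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;
        location / {
            root /home/www/public_html/your.domain.com/public/;
            index index.html;
        }
    }
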
  3. Adjust the file names to match your certificate files:

    ssl_certificate should be your .pem file created in Step 3.
    ssl_certificate_key should be the key file generated when you created the CSR.

  4. Restart Nginx by running the following command:

    sudo /etc/init.d/nginx restart

  5. You can verify the certificate installation using the GeoTrust Installation Checker.

Legacy ID

jason_ramos

Disclaimer:

RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.
