Add an SSL certificate to NGINX

Today I moved my web server from HTTP to HTTPS. I used StartSSL to get a free certificate.

Performing this was relatively simple, specially following this tutorial: http://www.westphahl.net/blog/2012/01/03/setting-up-https-with-nginx-and-startssl/

Generating the necessary files on the linux machine (the csr is required by StartSSL):

openssl req -newkey rsa:2048 -keyout ithasu.key -out ithasu.csr

Then, to remove the passwork of the key:

openssl rsa -in ithasu.key -out /etc/nginx/ssl/ithasu.org.key

Then download the pem file from StartSSL and concatenate it with the StartSSL intermediate certificate (Class 1):

cat ithasu.org.pem sca.server1.crt | sudo tee /etc/nginx/ssl/ithasu.org_chain.pem

Then activate SSL server and specify keys in nginx configuration:

server {
  ...
  listen 443 ssl default_server;
  ...
  ssl_certificate /etc/nginx/ssl/ithasu.org_chain.pem;
  ssl_certificate_key /etc/nginx/ssl/ithasu.org.key;
  ...
}

Et voilà !

Featured image from: https://www.flickr.com/photos/mapbox/ under Creative Commons license.

Leave a Reply

Your email address will not be published. Required fields are marked *