In this guide, we’ll break down the process into clear, easy steps, covering everything from applying for the certificate to successfully configuring your server.
By the end of this article, you’ll have a seamless setup without missing any critical detail.
To Generate the CSR with Nginx using OpenSSL:
Step 1: Log in to the Server using SSH client (Putty).
Step 2: Run the below openSSL command.
openssl req –new –newkey rsa:2048 –nodes –keyout (server).key –out (server).csr
Note: Modify the “server” text in the above command line using your own server name.
Step 3: In the next step you have to submit a common name. For this purpose, type the name of the qualified domain that you are hoping to secure.
Step 4: Now, provide your organizational details.
Step 6: Now you have to tap into your SSL/TLS certificate and receive your files (Here, you will receive both CSR and Private-key files).
Step 7: Store the private key on the server where you would install your SSL certificate.
Step 8: Use the CSR file to generate the certificate by submitting it to the CA via the SSL vendor or directly to the Certificate Authority.
Steps to Install Wildcard SSL Certificate on Nginx Server
Step 1- Purchase your Wildcard SSL certificate
Before proceeding with the installation of a Wildcard SSL certificate on Nginx, the first step is to purchase a Wildcard SSL certificate from a trusted provider at an affordable price.
Make sure the certificate does exactly what you need. Take time to check what it offers—like strong security and support for the special key (CSR) you created. This will help protect all parts of your website (like blog.yoursite.com or shop.yoursite.com).
Step 2- Download the Certificate Files To Your Server
By now, you should have received your CA bundle files after completing the validation process. Check your email for the CA bundle, which contains your certificates. This bundle typically includes both the intermediate and primary certificates in a zipped file.
Step 3- Configure the Nginx server with the new certificate
In the second step, we guided you on obtaining your primary and intermediate certificates. Now, it’s time to log in to your server using tools like FTP or SSH. Once logged in, upload both certificates to the /etc/ssl directory on your Nginx server.
Don’t forget to copy the private key you generated while creating the CSR. After that, you’ll need to combine the primary and intermediate certificates into a single file. To do this, use the appropriate command to concatenate them.
Step 4 – Merge both Intermediate and Primary Certificate
To finalize the merging process, use the OpenSSL command to concatenate the certificates. This ensures the primary and intermediate certificates are combined into a single file. Here's an example of the command:\
cat your_domain_name.crt intermediate.crt >> bundle.crt
Step 5: Modify your the Nginx Virtual Hosts file
Now, edit the virtual host files of Nginx server. So, open the host file and paste the code in the original one.
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}
Note: Make sure you adjust the file names so they can match the certificate files.
Step 6 – Test The Installation For Success
Once you've completed the configuration, it's important to restart Nginx to apply the changes and verify that the certificate is installed correctly.
Verify Your SSL Certificate
Once you’ve installed your Wildcard SSL Certificate, it’s essential to verify that everything is working correctly.
Use a Web Browser: The simplest way to check is by visiting your website. Look for the padlock icon in the address bar. Click on it to see the certificate details. This confirms that the SSL is active.
Online SSL Checker: You can also use online tools like SSL Labs' SSL Test to analyze the strength of your SSL configuration and check for any potential issues.
Command Line Check: If you prefer the command line, you can use OpenSSL to verify the certificate:
openssl s_client -connect yourdomain.com:443
This command will provide detailed information about your SSL certificate.
If you are managing multiple servers, ensure each is configured to handle the Wildcard SSL certificate.
This involves generating a CSR, obtaining certificate files, and repeating the installation steps across servers.
This approach secures all your subdomains without needing individual certificates. Here is the complete guide on installing a Wildcard SSL on multiple servers.
Conclusion
Installing Wildcard SSL Certificate in the Nginx server might seem daunting at first, but as you’ve seen, it’s a pretty straightforward process when broken down into manageable steps.
With your website secured, you can now focus on providing the best experience for your users. Remember, a secure site builds trust, and trust builds business!
Top comments (0)