Installing SSL certificates on your server and renewing them before they expire is key to web security. Apart from getting rid of the “not secure” warning messages that could potentially impact business, it also ensures that your users have a safer experience online. If you use an Nginx server, this means that you need to know how to install an Nginx SSL certificate on your server. Or, more accurately, how to install any brand of SSL certificate — such as a Sectigo SSL certificate — on your Nginx server.
So, how to install Sectigo SSL to Nginx? Before that, let’s take a look at the checklist to ensure that you have everything you need, starting with the digital certificate.
How to Install an Nginx SSL Certificate: An Initial Checklist
Before getting started with the installation steps, please ensure that the following prerequisites are met:
- Purchase or renew your SSL certificate.
- Generate and submit the certificate signing request (CSR).
- Save the private key on your server.
- Complete the order for SSL certificate issuance and submit all relevant documents.
- Save your server certificate file and your intermediate certificates.
How to Install an Nginx SSL Certificate: A Step by Step Guide
Once you have everything on the initial checklist, you can follow the steps below that describe how to install Sectigo SSL to Nginx.
- Link Your Files.
Concatenate the CA bundle zip file and the certificate file, which were sent to your registered email by Sectigo (or your certificate authority) using the following command.
cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt
Note for Sectigo “Certificate Manager” customers — ensure that you download the x.509 base64 encoded “Certificate Only” along with the Root/Intermediate “Certificate only” files. You can change the .cer formatted files to .crt file extension to complete the process above.
- Copy the Certificate Files.
Store the bundle under the proper folder where Nginx can read it.
mkdir -p /etc/nginx/ssl/example_com/
mv ssl-bundle.crt /etc/nginx/ssl/example_com/
- Copy Your Private Key.
Be sure to place your private key under the correct location, as well.
mv example_com.key /etc/nginx/ssl/example_com/
- Edit Your Nginx Virtual Host Config File.
Ensure that the Nginx configuration file points to the correct location of your private key and cert file.
server {
listen 443;
server_name domainname.com;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_prefer_server_ciphers on;
}
- Enable OCSP Stapling Support.
The Online Certificate Status Protocol (OCSP) is how web browsers can determine the validity of an SSL certificate by verifying it with the certificate’s vendor. This verification process, of course, introduces delays in page load speeds. With OCSP stapling, however, the server downloads a copy of the vendor’s response, which it can share with the browser to avoid delays. This can actually help to improve performance speed.
To enable OCSP stapling, set the following in your Nginx SSL configuration file:
## OCSP Stapling
resolver 127.0.0.1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate <file>;
Note: <file> refers to the location and filename of the certificate installed.
- Restart Your Nginx Server.
Once you make the necessary changes to the Nginx SSL config file, you need to restart the server. Your website should now be accessible over HTTPS.
sudo /etc/init.d/nginx restart
79% Off on Sectigo SSL Certificates
Get the lowest prices on trusted SSL certificates from Sectigo. Buy all types of Sectigo SSL certificates like DV, OV, EV, Wildcard, and Multi Domain SSL Certificates.
Shop for Sectigo SSL Certificates