How To Create SSL Certificate on Nginx for Ubuntu 14.04

Prerequisites

Before starting, you need to set up a few basic things on your server. First, set up a user account on Ubuntu 14.04. After this, install the Nginx web server by running the following commands:

sudo apt-get update

sudo apt-get install nginx

Steps

1. To start, create a directory to hold all of the SSL information. It should be created under the Nginx configuration directory:

sudo mkdir /etc/nginx/ssl

Now that we have a location for the files, we can create the SSL key and certificate files in one step with the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

The options in the command we issued create both a key file and a certificate:

  • openssl: This is the primary command line tool, which is used to create and manage OpenSSL certificates, keys and other files.
  • req: This subcommand specifies that we want to use X.509 Certificate Signing Request (CSR) management.
  • -x509: This modifies the previous subcommand by telling the utility that we want to make a self-signed certificate, rather than generating a certificate signing request, as would normally happen.
  • -nodes: This option tells OpenSSL to skip the option to secure the certificate with a passphrase. When the server starts up, we need Nginx to be able to read the file without user intervention. A passphrase would prevent this from happening.
  • -days 365: This option sets the length of time for which the certificate will be considered valid. We set it to one year here.
  • -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
  • -keyout: This option tells OpenSSL where to place the created private key file.
  • -out: This option tells OpenSSL where to put the certificate that we are creating.

Next, you will be asked a few questions about the server so that the information can be inserted correctly in the certificate. Among all the prompts, the most significant is the one that asks for the Common Name. Enter the domain name that you want to be associated with your server. If you do not have a domain name, you can enter the public IP address.

The prompts will look like this:

Country Name (2 letter code)

State or Province Name (full name) [Some-State]

Locality Name

Organization Name

Organizational Unit Name (section name)

Common Name (e.g. server FQDN or YOUR name)

Email Address

Both of the files that you have created will be placed in the /etc/nginx/ssl directory.
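
The following is an added example, not part of the original article: it creates the same key and certificate without the interactive prompts and then checks that the pair matches, that the unencrypted key is readable only by its owner, and that the certificate is not about to expire. The function names, the throwaway directory and the hostname example.test are assumptions made for illustration; -subj supplies the Common Name that the prompts would otherwise ask for.

```bash
#!/bin/bash
# Added example: create the pair non-interactively, then sanity-check it.

# make_selfsigned DIR CN: same openssl req call as the tutorial, with -subj
# supplying the Common Name instead of the interactive prompts.
make_selfsigned() {
    local dir="$1" cn="$2"
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$dir/nginx.key" -out "$dir/nginx.crt" \
        -subj "/CN=$cn" 2>/dev/null || return 1
    # -nodes leaves the key unencrypted, so restrict it to its owner.
    chmod 600 "$dir/nginx.key"
}

# check_pair CERT KEY [MIN_DAYS]: returns 0 only if every check passes.
check_pair() {
    local cert="$1" key="$2" min_days="${3:-30}" rc=0 cert_pub key_pub mode

    # 1. The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 2. No group/other permission bits on the unencrypted key (GNU stat).
    mode=$(stat -c %a "$key")
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi
    return $rc
}

# Demo on a throwaway directory; example.test is a constructed hostname.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" example.test
check_pair "$demo_dir/nginx.crt" "$demo_dir/nginx.key" && echo "pair OK"
rm -rf "$demo_dir"
```

On the server itself, the same checks can be run against /etc/nginx/ssl/nginx.crt and /etc/nginx/ssl/nginx.key with sudo.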

 

2. Configure Nginx to Use SSL

Now that we have created the key and certificate files under the Nginx configuration directory, we need to modify our Nginx configuration to take advantage of them by adjusting the server block files.

Nginx versions 0.7.14 and above (Ubuntu 14.04 ships with version 1.4.6) can enable SSL within the same server block as regular HTTP traffic. This allows us to configure access to the same site in a much more concise and compact manner.

Your server block may look like this:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name your_domain.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

To get SSL working in the same server block, you only need to add the listen 443 ssl, ssl_certificate and ssl_certificate_key lines shown below:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name your_domain.com;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
                try_files $uri $uri/ =404;
        }
}

When you are done with this, save and close the file.

Now, you need to restart Nginx to use the new settings:

sudo service nginx restart

This will reload the site configuration, now allowing it to respond to both HTTP and HTTPS (SSL) requests.
