SSL Configuration on linux with nginx

Steps to configure SSL Certificate

In this post, we are going to understand how to configure SSL certificate on linux server with Nginx WebServer and also we are going to see how to generate CSR and Key? and how to use this CSR to download SSL certificate from Godaddy? 

If your not aware of how to buy ssl certificate follow below link.

Generate CSR Certificate on Server :

Step 1 : First login to your server and make sure ssl commands are already installed on your server if not please install Openssl command on your server which help to generate CSR.

 

Let’s understand first what is csr in short?

  • CSR Or Certificate Signing Request is a block of encrypted text which is generated on server. It will contains information such as Organization name, common name, locality etc.

Go to your server terminal and hit the below commands to generates CSR and Key. Before this make sure you have directory where we store all ssl certificates.

  • cd /etc/nginx/
  • mkdir ssl_certs
  • cd ssl_certs

First we create Key which is then used to generate CSR Certificate.

  • openssl genrsa -out www.website.com.key 2048
  • openssl req -new -key www.website.com.key -out www.website.com.csr

 

When generating CSR, we need to feel up the information which is very important otherwise godaddy csr verification process will be rejecting your ssl if information is wrong.

Below is the information needed to generate CSR :

  • Country Name (2 letter code) [AU]:
  • State or Province Name (full name) [Some-State]:
  • Locality Name (eg, city) []
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  • Organizational Unit Name (eg, section) []:
  • Common Name (e.g. server FQDN or YOUR name) []:
  • Email Address []:

 

Note : In Common Name section give your website name for which you want ssl certificate.

 

Step 2 : Now we check MD5 No. of CSR and Key. This MD5 no. must be matching if no. is not match then you need to generate csr and key again with proper info.

Command to check MD5 No.

TO CHECK KEY : openssl rsa -noout -modulus -in www.website.com.key | openssl md5

TO CHECK CSR : openssl req -noout -modulus -in www.website.com.csr | openssl md5

 

Step 3 : Now we will submit CSR certificate on godaddy panel. Click on Set up button after this godaddy will be submit ssl in your account then click on Manage button.

Please refer below screenshot for more understanding.

ssl-setup

Step 4 : Now copy the CSR certificate from your server. Use below command to copy csr from the server.

  • cat www.website.com.csr

Copy the encrypted text and paste it under the csr submit box on GoDaddy panel.

 

Step 5 : After submitting CSR on GoDaddy. They will start the verification process of your domain for which you purchased SSL certificate.

For verification, godaddy will generate one .html file that file we need to put or store under the document root of the website on the server.

ssl-csr-verification

With help of this .html file, they will verify your domain name. Once the verification process complete you will get the SSL Certificate for download.

Please check below screenshot for reference.

ssl-download
ssl-zip-file

Note : Refresh the browser page if verification progress showing stuck. After refreshing page, you will see that verification process is completed successfully

 

Step 6 : Download this zip file and unzip it on server below path where we generated CSR.

  • cd /etc/nginx/ssl_certs
  • unzip sslcert.zip

After unzipping file we will get below files. We merged these files to create final SSL certificate for use.

  • 12552dc03.crt
  • gd_bundle-g2-g1.crt

Merge above two files and create the .crt file.

 

Step 7 : Now we use this certificate under Nginx configuration file and restart the Nginx service.

 

Vim /etc/nginx/nginx.conf
#Add below block in your nginx.conf file or create seprate .conf file as per your requirement.
server {
  listen 443 ssl;
  root  /mnt/data/website;
  server_name  website.com www.website.com;
  access_log  /var/log/nginx/access_website_SSL.log main;
  error_log /var/log/nginx/error_website_SSL.log;
  client_max_body_size 200M;
  client_header_buffer_size 32k;
  large_client_header_buffers 8 32k;

#SSL Configuration
      ssl on;
      ssl_certificate    /etc/nginx/ssl_certs/www.website.com.final.crt;
      ssl_certificate_key /etc/nginx/ssl_certs/www.website.com.key;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers      AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
      ssl_prefer_server_ciphers on;

}

 

That’s it your SSL certificate configuration has been done.

 

I hope you like the post and understand very well.

If you have any doubts or queries regarding this post please give comment under the comment box.

Checkout below links more useful commands on SSL for your reference.

Thank You 🙂

Latest Comments
  1. Ravi Kumar October 10, 2016
  2. Arun November 27, 2016
  3. Vikram December 16, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *