Installing a Comodo PositiveSSL Certificate on Nginx
A Step-by-Step Guide on Installing a Comodo PositiveSSL Certificate on Nginx
Comodo SSL offers a high level of web security by allowing you to encrypt communication between your website and its visitors. Having an SSL Certificate is one of the best ways to boost your brand value as well as your Google ranking.
If you are looking for directions on the installation of an SSL Certificate on Nginx, then you’ve come to the right place! Here’s how to install PositiveSSL on Nginx
- In order to set up a Comodo Positive SSL Certificate on Nginx, you need to make sure that you have Nginx fully installed on your system.
- Now you have to generate your private key and CSR (Certificate Signing Request). A CSR is required to order an SSL Certificate.
openssl req -new -newkey rsa:2048 -nodes -keyout domainname_com.key
You will have two files:
- domainname_com.key — your Private Key. You’ll need this later to configure Nginx.
- domainname_com.csr — Your CSR file.
- Once, you have created a private key and CSR, it’s time to purchase an SSL Certificate. As you complete the order process, you will get an email containing a zip file with following:
- Root CA Certificate – AddTrustExternalCARoot.crt
- Intermediate CA Certificate – COMODORSAAddTrustCA.crt
- Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
- Your PositiveSSL Certificate – www_domainname_com.crt (or the subdomain you gave them)
- Combine all multiple files into a single file. It is essential for Nginx to combine all files in a single file. The certificate for your domain should be listed in the file which is followed by the chain of CA certificates.Note: If you have the individual certificate file, than you can combine all files using CAT commands (found on Unix and Unix-like Operating Systems)Syntax: cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt
Example Syntax: cat www_domainname_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
If you have a .crt and .ca-bundle, use following cat command to gather all files:
Syntax: cat Device/Entity Cert Bundle
Example Syntax: cat www_domainname_com.crt www_domainname_com.ca-bundle > ssl-bundle.crt
You can also combine all files using a GUI based text editor
- Copy contents of: ‘www_domainname_com.crt’ into ‘www_domainname_com.ca-bundle’ on top of the existing text.
- Save new file as ssl-bundle.crt.
- Nginx virtual host configurationFollow this simple process to configure your Nginx Virtual Host:
- Transfer newly created ssl-bundle.crt to where you’re saving cert files. (e.g. /etc/ssl/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)
- Make or edit configuration file of your website, which may be found in following: etc/nginx/sites-available/ /usr/local/nginx/sites-available/
- Make sure you are following the options below on the configuration file:
- Set ‘ssl’ to on.
- Set ‘listen’ to your SSL port; typically 443.
- Set ‘ssl_certificate’ to the location of your newly made ssl-bundle.crt file.
- Set ‘ssl_certificate_key’ to the location of your private key.
If the all options are put correctly than it will appear as:
- Restart Nginx.
Save Up to 75% On
Comodo SSL Certificates
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.