Installing a Comodo PositiveSSL Certificate on Nginx

A Step-by-Step Guide on Installing a Comodo PositiveSSL Certificate on Nginx

Comodo SSL offers a high level of web security by allowing you to encrypt communication between your website and its visitors. Having an SSL Certificate is one of the best ways to boost your brand value as well as your Google ranking.

If you are looking for directions on the installation of an SSL Certificate on Nginx, then you’ve come to the right place! Here’s how to install PositiveSSL on Nginx

1. In order to set up a Comodo Positive SSL Certificate on Nginx, you need to make sure that you have Nginx fully installed on your system.
2. Now you have to generate your private key and CSR (Certificate Signing Request). A CSR is required to order an SSL Certificate.

   openssl req -new -newkey rsa:2048 -nodes -keyout domainname_com.key 
   -out domainname_com.csr

   You will have two files:

   • domainname_com.key — your Private Key. You’ll need this later to configure Nginx.
   • domainname_com.csr — Your CSR file.
3. Once, you have created a private key and CSR, it’s time to purchase an SSL Certificate. As you complete the order process, you will get an email containing a zip file with following:
   • Root CA Certificate – AddTrustExternalCARoot.crt
   • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
   • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
   • Your PositiveSSL Certificate – www_domainname_com.crt (or the subdomain you gave them)
4. Combine all multiple files into a single file. It is essential for Nginx to combine all files in a single file. The certificate for your domain should be listed in the file which is followed by the chain of CA certificates.Note: If you have the individual certificate file, than you can combine all files using CAT commands (found on Unix and Unix-like Operating Systems)Syntax: cat Device/Entity Cert Intermediates (reverse order) Root > ssl-bundle.crt
   Example Syntax: cat www_domainname_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

    

   If you have a .crt and .ca-bundle, use following cat command to gather all files:

   Syntax: cat Device/Entity Cert Bundle
   Example Syntax: cat www_domainname_com.crt www_domainname_com.ca-bundle > ssl-bundle.crt

   You can also combine all files using a GUI based text editor

   • Copy contents of: ‘www_domainname_com.crt’ into ‘www_domainname_com.ca-bundle’ on top of the existing text.
   • Save new file as ssl-bundle.crt.
5. Nginx virtual host configurationFollow this simple process to configure your Nginx Virtual Host:
   1. Transfer newly created ssl-bundle.crt to where you’re saving cert files. (e.g. /etc/ssl/certs/ for Ubuntu users & /user/local/SSL/certs for windows users)
   2. Make or edit configuration file of your website, which may be found in following: etc/nginx/sites-available/ /usr/local/nginx/sites-available/
   3. Make sure you are following the options below on the configuration file:
      • Set ‘ssl’ to on.
      • Set ‘listen’ to your SSL port; typically 443.
      • Set ‘ssl_certificate’ to the location of your newly made ssl-bundle.crt file.
      • Set ‘ssl_certificate_key’ to the location of your private key.

   If the all options are put correctly than it will appear as:

   server {
   listen 443;
   server_name domainname.com;
   ssl on;
   ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
   ssl_certificate_key /etc/ssl/private/domainname.key;
   ssl_prefer_server_ciphers on;
   }
   

6. Restart Nginx.