How To Install A Wildcard SSL Certificate On Nginx

Step-by-step instructions for installing a Wildcard certificate on Nginx

Nginx is one of the most popular web servers around, and installing your Comodo Wildcard SSL certificate on Nginx is simple. Once your wildcard SSL certificate is installed, it will automatically secure all of your subdomains. And thanks to Comodo’s unlimited server license, you can install your certificate on as many servers as needed.

Just follow the steps included in this guide and your SSL certificate will be installed in no time.

Before You Start

Before you start the installation process, you’ll need to purchase a wildcard SSL certificate. You can save 50-70% off retail (what web hosts charge) by purchasing direct.

Comodo Wildcard Certificates – Save Up To 72%

Save a bunch when you buy your wildcard certificate direct. Get a Comodo Wildcard Certificate for less than $80 per year.
Compare Wildcard Certificates

Phase 1 – Creating a CSR on Nginx

The first step in installing a wildcard SSL certificate on Nginix is generating the certificate signing request (CSR). You’ll need this before you can get your SSL certificate issued.

1. To create your Certificate Signing Request (CSR) you will need to connect to your server using SSH under a privileged user such as root.Note: Not certain which SSH client to use to connect? The team at the ComodoSSLStore recommends Putty due to it’s vast compatibility across all operating systems.
2. After making a successful connection, your terminal should be similar to the below.
3. Proceed with typing or copying the following snippet of code into terminal and hit enter.

   openssl req –new –newkey rsa:2048 –nodes –keyout (server).key –out (server).csr

   Note: (Server) should be changed out for what you wish to call your Certificate Signing Request (CSR) and Private Key.

   After hitting enter, there should be some additional line items that will require you to type your information prior to getting your Certificate Signing Request (CSR) and Private Key. Because you’re installing a wildcard SSL certificate, the hostname (FQDN) you enter should look like this: *.mydomain.com

4. Upon completion, the Certificate Signing Request (CSR) and Private Key will saved in user directory of the user you have logged in as (in our case root), and can be accessed while logged into the user by either a File Transfer Protocol (FTP) client or by running the command below in terminal.

   nano (sever).csr

5. Copy the entire contents from the terminal window. Be sure to include the “—–BEGIN CERTIFICATE—– ” and”—–END CERTIFICATE—– ” portion.

Now that you have your Certificate Signing Request (CSR) copied, you are free to begin generating your SSL Certificate. After you have successfully generated and validated your SSL Certificate, please feel free to continue with the second half of our guide which will walk you through the process of installing your newly issued SSL Certificate.

Phase 2 – Install and Configure your Wildcard SSL Certificate

After completion of Comodo’s validation, your SSL Certificate will be issued out and emailed to the technical contact ready to be installed. You can now begin the process to actually install the wildcard SSL certificate on Nginix.

If you are not the technical contact on the order no worries, you can download the SSL Certificate bundle including the Certificate and Intermediates within your account at ComodoSSLStore.com.

Once you have obtained your SSL Certificate through the means above, follow these steps:

1. Connect to the original server in which you have generated the Certificate Signing Request (CSR) via File Transfer Protocol (FTP) or SSH.
2. Copy all the files in the package from the Comodo to your server along with the Private Key to the appropriate directories.Best practice recommends placing the certificate files in the directory “/etc/ssl” on your server.
3. Proceed to combine your Primary SSL Certificate (your_domain.crt) and your Intermediate Certificates by running the following command. cat your_domain_name.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt >> bundle.crt
4. Now it’s time to edit your Nginix virtual host files (unless renamed it would be nginx.conf) and amend the text to include a virtual host port 443 for your website as seen below.

   listen 443;

   Note: If there is currently no virtual host record for port 443, you can copy the record for port 80 and modify the port to 443.

5. In addition to adding the virtual host record for port 443, you will need to add the following snippets;

   ssl on;
   ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
   Ssl_certificate_key /etc/ssl/your_domain_name.key;

6. After adding the above snippets, your configuration should appear similar to below.

   server {
   
   listen 443;
   
   ssl on;
   ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
   ssl_certificate_key /etc/ssl/your_domain_name.key;
   
   server_name your.domain.com;
   access_log /var/log/nginx/nginx.vhost.access.log;
   error_log /var/log/nginx/nginx.vhost.error.log;
   location / {
   root /home/www/public_html/your.domain.com/public/;
   index index.html;
   }
   }

7. To enable your SSL Certificate now you will now need to restart the Nginx web server to apply the changes. After restarting your SSL Certificate should now be active and securing your website.

That’s all there is to it! Your Wildcard SSL Certificate is now installed in Nginx.