Knowledgebase
nginx server Print this Article
To install the certificate, a Root SSL is needed, a Intermediate SSL, and domain/page SSL.
Combine 3 certificates in one file
Note: There is more than one method to combine it. Before you start, make sure which file is the Root, Intermediate and domain SSL. The file names used here are just examples.
1. If you have the individual certificate files (eg. AddTrustExternalCARoot.crt):
A) using the 'cat' command (Unix and Unix-like Operating Systems),
- Syntax: cat Device/Entity Cert Intermediates Root >> ssl-bundle.crt
- example: cat www_yourdomain_com.crt IntermediateCA.crt CARoot.crt >> ssl-bundle.crt
B) using a text editor:
- copy files in the following order: domain/page SSL, Intermediate, Root.
- save file as ssl-bundle.crt
2. If you have a .crt and .ca-bundle files:
A) use a cat command (Unix and Unix-like Operating Systems),
- Syntax: cat Device/Entity Cert Bundle
- example: cat www_yourdomain_com.crt www_yourdomain_com.ca-bundle >> ssl-bundle.crt
B) using a text editor:
- copy the content of www_yourdomain_com.crt before the content of www_yourdomain_com.ca-bundle
- save it as ssl-bundle.crt
Host configuration
Move the ssl-bundle.crt file to directory with all certificates files, e.g. /etc/ssl/certs/
Create or modify website site configuration file in /etc/nginx/sites-available/ or /usr/local/nginx/sites-available/
Ensure that the following options are set:
ssl option
listen with 443,
the location of SSL: ssl_certificate
the location of private key: ssl_certificate_key
* Optional: you can set the following:
-- ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; #Disables all weak ciphers
-- ssl_protocols SSLv3 TLSv1; #enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
Example of an SSL configured Virtual Host:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/mysite_com.crt;
ssl_certificate_key /etc/ssl/private/mysite.key;
#enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
#Disables all weak ciphers
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
server_name mysite.com;
}
Combine 3 certificates in one file
Note: There is more than one method to combine it. Before you start, make sure which file is the Root, Intermediate and domain SSL. The file names used here are just examples.
1. If you have the individual certificate files (eg. AddTrustExternalCARoot.crt):
A) using the 'cat' command (Unix and Unix-like Operating Systems),
- Syntax: cat Device/Entity Cert Intermediates Root >> ssl-bundle.crt
- example: cat www_yourdomain_com.crt IntermediateCA.crt CARoot.crt >> ssl-bundle.crt
B) using a text editor:
- copy files in the following order: domain/page SSL, Intermediate, Root.
- save file as ssl-bundle.crt
2. If you have a .crt and .ca-bundle files:
A) use a cat command (Unix and Unix-like Operating Systems),
- Syntax: cat Device/Entity Cert Bundle
- example: cat www_yourdomain_com.crt www_yourdomain_com.ca-bundle >> ssl-bundle.crt
B) using a text editor:
- copy the content of www_yourdomain_com.crt before the content of www_yourdomain_com.ca-bundle
- save it as ssl-bundle.crt
Host configuration
Move the ssl-bundle.crt file to directory with all certificates files, e.g. /etc/ssl/certs/
Create or modify website site configuration file in /etc/nginx/sites-available/ or /usr/local/nginx/sites-available/
Ensure that the following options are set:
ssl option
listen with 443,
the location of SSL: ssl_certificate
the location of private key: ssl_certificate_key
* Optional: you can set the following:
-- ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; #Disables all weak ciphers
-- ssl_protocols SSLv3 TLSv1; #enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
Example of an SSL configured Virtual Host:
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/mysite_com.crt;
ssl_certificate_key /etc/ssl/private/mysite.key;
#enables SSLv3/TLSv1, but not SSLv2 which is weak and should no longer be used.
ssl_protocols SSLv3 TLSv1;
#Disables all weak ciphers
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
server_name mysite.com;
}
Was this answer helpful?
Related Articles
SSL Installations
SSL installation depends on the type of server you are securing. Please select below the server...
SSL installation depends on the type of server you are securing. Please select below the server...
Apache (with mod_ssl)
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Installing SSL certificate on Apache with mod_ssl To install certificate you need 2...
Apple Mac OS X Server
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Log in to admin server as a root. Create a folder /etc/httpd/ssl.crt/ (if it does not exist)....
Barracuda VPN server
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Installing SSL certificate on Barracuda VPN serverImport CertificatesFrom the appliance web...
Cisco ACS Server
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...
Note: If the domain/site certificate is created using CA certificate, you need to repeat steps...
