Applying and Installing An SSL Certificate for Nginx
Nowadays it is common to have your website encrypted, and then it is neccessary to applying a SSL Certificate for your site. Here is the general procedure to applying and install a SSL Certificate.
A. Apply A SSL Certificate
First of all, you need to have openssl installed on your system. You can easily install it via package manager like
apt on ubuntu or
yum on centos if not installed.
### ubunt or debian
A.1 Generate the RSA key
mkdir tmp && cd tmp
A.2 Create a CSR
openssl req -new -sha256 -key domain.tld.key -out domain.tld.csr
You need to provide the following information:
- Common Name: www.domain.tld for single domain and *.domain.tld for a wildcard certificate
- Organization: The exact legal name of your company or organization. domain.tld will be fine
- City or Locality: the city where you are
- State or Province: the state or province you stay in.
- Contry: the two-letter ISO abbreviation for your country.
In the end before generating your csr, you will be ask to enter the challenge password, leaving it blank by just pressing enter.
A.3 Verify your CSR
Before submitting your CSR to your ssl certificate provider, you might have to verify your CSR just in case any error accuring.
openssl req -noout -text -in domain.tld.csr
A.4 Submit Your CSR
If no error when verifying the CSR, you can now submit it to your certificate authority. You should have the
email@example.com mail address accessible to receive the approval email.
B. Install your SSL Certificate
After get your SSL Certificate, you can then deploy it on your web server.
You might need to decrypt your private key for following installation:
openssl rsa -in domain.tld.key -out domain.tld.decrypted.key
In the following, you need your decrypted privated key, and you should keep it away from others.
And add the following to your server block after
listen 443 ssl http2;