Securing your website with an SSL certificate is essential for encrypting data and ensuring trust. This guide walks you through converting a Certificate Signing Request (CSR) into an SSL certificate, extracting necessary files, setting up your Nginx server, and verifying SSL installation.
Step 1: Extract Certificates from PFX (if needed)
If you receive your SSL certificate in a .pfx file format, you need to extract the .crt and .key files for Nginx configuration. Use the following commands:
| openssl pkcs12 -in ssltest-bd.ssl.com.pfx -clcerts -nokeys -out ssltest-bd_ssltest_com.crt openssl pkcs12 -in ssltest-bd.ssl.com.pfx -nocerts -nodes -out ssltest-bd_ssltest_com.key |
This will generate:
- ssltest-bd_ssltest_com.crt (SSL Certificate)
- ssltest-bd_ssltest_com.key (Private Key)
Step 2: Create the Chain Certificate
Nginx requires a full chain certificate to function properly. Concatenate the intermediate and root CA certificates using:
| cat ssltest-bd.ssltest.com.interca.crt ssltest-bd.ssltest.com.rootca.crt > ssltest-bd_ssltest_com_chain.crt |
Step 3: Copy Certificates to the Secure Directory
Move the extracted and concatenated certificates to a secure location:
| cp ssltest-bd_ssltest_com.crt /etc/ssl/ cp ssltest-bd_ssltest_com.key /etc/ssl/ cp ssltest-bd_ssltest_com_chain.crt /etc/ssl/ |
Set proper permissions for security:
| chmod 644 /etc/ssl/ssltest-bd_ssltest_com.crt /etc/ssl/ssltest-bd_ssltest_com_chain.crt chmod 600 /etc/ssl/ssltest-bd_ssltest_com.key chown root:root /etc/ssl/* |
Step 4: Update the Nginx SSL Configuration
Create a new configuration file for the SSL-enabled domain:
| nano /etc/nginx/conf.d/ssltest-bd.ssltest.com.conf |
Add the following content:
| server { listen 80; server_name ssltest-bd.ssltest.com; return 301 https://$host$request_uri; # Redirect HTTP to HTTPS } server { listen 443 ssl; server_name ssltest-bd.ssltest.com; root /var/www/ssltest-bd.ssltest.com/public; index index.php index.html index.htm; ssl_certificate /etc/ssl/ssltest-bd_ssltest_com.crt; ssl_certificate_key /etc/ssl/ssltest-bd_ssltest_com.key; ssl_trusted_certificate /etc/ssl/ssltest-bd_ssltest_com_chain.crt; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; keepalive_timeout 70; location / { try_files $uri $uri/ /index.php?$query_string; } location ~ \.php$ { fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_intercept_errors on; fastcgi_index index.php; } error_page 404 /404.html; location = /404.html { root /var/www/ssltest-bd.ssltest.com/public; internal; } access_log /var/log/nginx/ssltest-bd.ssltest.com_access.log; error_log /var/log/nginx/ssltest-bd.ssltest.com_error.log; } |
Step 5: Test and Restart Nginx
Verify the Nginx configuration before restarting:
| nginx -t |
If no errors are detected, restart Nginx to apply the new SSL settings:
| systemctl restart nginx |
Step 6: Verify SSL Installation
Confirm that SSL is correctly installed using OpenSSL:
| openssl s_client -connect ssltest-bd.ssltest.com:443 -servername ssltest-bd.ssltest.com |
Alternatively, check using an online SSL checker such as: 🔗 SSL Checker
Conclusion
Following these steps, you have successfully converted your CSR into an SSL certificate, installed it on an Nginx server, and verified its deployment. Ensuring your SSL is configured correctly enhances security and trustworthiness for users visiting your website.
Reference Links:
- SSL Certificate Provider: GeoCerts
- CSR Generator: Generate CSR
- SSL Installation Guide: Install SSL
By following this guide, you ensure that your website remains secure and compliant with modern encryption standards.