Installing Premium SSL certificate for Nginx Reverse Proxy Domain

In this article, we'll learn how to create a certificate signing request (CSR), obtain an SSL certificate from an authorized digital certificate provider, and install it for a domain configured in Nginx.

If you want to learn about getting a free SSL certificate, visit this post: Installing Free SSL for Nginx Reverse Proxy Domain

To learn more about configuring an Nginx reverse proxy, visit this post: Configuring NodeJs App to Domain with NGINX Reverse Proxy

Create Certificate Signing Request

Move to the domain home directory or any other location where you want to place the key files. For example: /home/example.com/ssl/

Run the following command to generate the key and CSR file.

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Now complete the following prompts as required.

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:test.example.com
Email Address []:[email protected]

Two files are now created in the current folder (ssl): server.key (the private key) and server.csr (the certificate signing request).

Now copy the content of server.csr file and paste it to the CSR input box in the Certificate Provider panel.

Then follow the certificate provider's instructions for domain ownership validation, such as email validation, text file validation, or DNS validation. After that, depending on the certificate you have requested, business validation will be processed.

After validation is complete, you will receive the certificates, usually as a zip file containing your certificate and the certificate bundle. For example:

ca_bundle.crt
certificate.crt

You can combine them into a single file, with your certificate first and the CA bundle after it:

cat certificate.crt ca_bundle.crt > bundle_certificate.crt
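Nginx pairs ssl_certificate_key with the first certificate in the combined file, so the order in the cat command above matters. The script below is an added example, not part of the original article, that checks the combined file starts with the certificate issued for server.key; it assumes openssl is installed and uses the article's file names.

```shell
#!/usr/bin/env bash
# Added example: sanity checks for server.key and bundle_certificate.crt
# before nginx is pointed at them. File names follow the article.

# Public key (PEM) derived from a private key file; fails if unreadable.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Public key (PEM) of the FIRST certificate in a PEM file.
# openssl x509 reads only the first certificate in the file, which is
# the one nginx pairs with ssl_certificate_key.
first_cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Number of certificates in a PEM file (leaf plus chain).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# check_bundle KEY BUNDLE
# Returns 0 only if the first certificate in BUNDLE was issued for KEY.
check_bundle() {
    local key_pub cert_pub
    key_pub=$(key_pubkey "$1") || { echo "cannot read private key: $1" >&2; return 2; }
    cert_pub=$(first_cert_pubkey "$2") || { echo "cannot read certificate: $2" >&2; return 2; }
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "MISMATCH: first certificate in $2 does not belong to $1" >&2
        echo "(the leaf certificate must come before the CA bundle)" >&2
        return 1
    fi
    echo "OK: $2 starts with the certificate for $1 ($(cert_count "$2") certificates in file)"
}

# Usage: ./check_bundle.sh server.key bundle_certificate.crt
if [ "$#" -eq 2 ]; then
    check_bundle "$1" "$2"
fi
```

A certificate count higher than expected usually means the combine step was run more than once in append mode.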

Installing the Certificate

Copy the received certificate files to the server (/home/example.com/ssl/).

Now update the nginx site configuration file to use the SSL certificate on port 443 and redirect port 80 to HTTPS:

server {

    server_name example.com;

    location / {
        proxy_pass http://localhost:3001;
        include proxy_params;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /home/example.com/ssl/bundle_certificate.crt;
    ssl_certificate_key /home/example.com/ssl/server.key;

}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;

    server_name example.com;
    return 404; 
}

Test the configuration

sudo nginx -t

If successful, restart the nginx service.

sudo service nginx restart

Now you can access the website in your browser and check the certificate with the lock icon.
