We learnt from our previous articles how to install, configure and run nginx on RHEL/CentOS. Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently it is becoming the norm for securing browsing of social media sites. Today we'll learn how to install an SSL certificate and configure nginx to host an SSL-enabled website. It's not hard to install and configure, but it takes a few steps, which we'll walk through today.
Step 1: Install OpenSSL
To implement the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, OpenSSL, an open source toolkit, is a must. Follow this guide to install OpenSSL.
Step 2: SSL Certificate
There are two primary types of certificates: Third Party Certificates and Self-Signed Certificates.
Third Party Certificates
You can purchase certificates from a trusted third-party certificate authority such as Verisign, Thawte, Entrust, etc. The advantage of using third-party certificates is that the certificate is automatically trusted by client computers and mobile devices, which greatly simplifies deployment.
Self-Signed Certificates
If your site is not so critical, then you can use self-signed certificates. A self-signed certificate is an identity certificate that is signed by the same identity whose identity it certifies. Because no trusted authority vouches for it, browsers show a warning until the visitor explicitly trusts the certificate.
Step 3: Generate self-signed SSL Certificate
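If you don't want to deal with another certificate authority, or just want to create a test certificate for yourself, then use a self-signed certificate (not recommended for production sites). Let's use a self-signed certificate for this tutorial. Run the command below on your server and follow the instructions. Note that the -nodes option writes the private key unencrypted, so that nginx can start without a passphrase prompt; the key file must therefore be readable only by root.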
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout techglimpse.com.key -out techglimpse.com.crt
Step 4: Install the self-signed SSL certificate in Nginx
Create the ssl.key and ssl.crt directories in nginx's default configuration directory, /etc/nginx. Then move the self-signed certificate and key you just generated using the commands below:
#mv techglimpse.com.key /etc/nginx/ssl.key/
#mv techglimpse.com.crt /etc/nginx/ssl.crt/
Step 5: How to configure SSL support in nginx
Now that we have installed the SSL certificate, nginx has to be configured for SSL support. Inside the server block in the /etc/nginx/conf.d/default.conf file, add the lines below:
# "ssl on;" is deprecated since nginx 1.15.0 and removed in 1.25.1; use the ssl parameter of listen
listen 443 ssl;
ssl_certificate /etc/nginx/ssl.crt/techglimpse.com.crt;
ssl_certificate_key /etc/nginx/ssl.key/techglimpse.com.key;
The above lines make nginx listen on port 443 with SSL enabled and set the locations of the crt and key files.
Step 6: Restart the nginx service
Restart the nginx service to apply the changes. Then open a browser and test your SSL site at https://yoursite.com/
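The script below is an added example, not part of the original tutorial. It performs Steps 3 and 4 without prompts, keeps the private key owner-only, and checks that the certificate and key belong together before nginx is restarted. The function names are illustrative, and it assumes OpenSSL 1.1.1 or later (for -addext) and GNU stat.

```shell
#!/bin/sh
# Added example: function names and the target directory are illustrative.

# Create <dir>/ssl.key/<domain>.key and <dir>/ssl.crt/<domain>.crt without prompts.
make_selfsigned() {
    domain="$1"; dir="$2"
    mkdir -p "$dir/ssl.key" "$dir/ssl.crt" || return 1
    chmod 700 "$dir/ssl.key"              # only the owner may enter the key directory
    (
        umask 077                         # key is never group/world readable, even briefly
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$domain" -addext "subjectAltName=DNS:$domain" \
            -keyout "$dir/ssl.key/$domain.key" \
            -out "$dir/ssl.crt/$domain.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/ssl.crt/$domain.crt"  # the certificate itself is public
}

# SHA-256 of the DER public key carried by a certificate / derived from a private key.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only if the pair matches, the key is owner-only, and the cert is unexpired.
check_pair() {
    crt="$1"; key="$2"
    c=$(cert_pubkey_digest "$crt"); k=$(key_pubkey_digest "$key")
    [ -n "$c" ] && [ "$c" = "$k" ] ||
        { echo "certificate and key do not match" >&2; return 1; }
    case "$(stat -c '%a' "$key")" in
        600|400) ;;
        *) echo "private key is readable by group or others" >&2; return 1 ;;
    esac
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; return 1; }
}

# Usage (as root), before restarting nginx:
#   make_selfsigned techglimpse.com /etc/nginx &&
#   check_pair /etc/nginx/ssl.crt/techglimpse.com.crt /etc/nginx/ssl.key/techglimpse.com.key &&
#   nginx -t
```

The subjectAltName entry is included because current browsers match the hostname against it rather than the certificate's Common Name.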