Not the best guide, but some handy links I use to generate and install an SSL certificate with OpenSSL in NGINX.
Generate OpenSSL Request:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx
Order an SSL-certificate with the CSR
Then, when you have received the bundle plus the CRT:
https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx
Restart NGINX:
https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/
Using TransIP SSL-certificates
When using TransIP SSL certificates you get the certificate as a decrypted zip (if you choose standard mode instead of advanced mode).
It contains:
- cabundle.crt
- certificate.crt
- certificate.key
- certificate.p7b (you don’t need this one)
Open cabundle.crt and remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Then swap the order of the two remaining certificates in the bundle, otherwise SSL Labs will report a chain issue: incorrect order. Finally, concatenate certificate.crt (first) with the new cabundle.crt (second).
Then put the concatenated crt file and the key on the server and reference them in NGINX:
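    server {
        # "ssl" on the listen lines enables TLS; the separate "ssl on;"
        # directive is deprecated and has been dropped here.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name www.yourdomain.nl yourdomain.nl;

        # Leaf certificate first, then the intermediates (no root).
        ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt;
        ssl_certificate_key /home/forge/ssl/domain1/20172018key.key;

        # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is kept.
        # Add TLSv1.3 if your NGINX and OpenSSL builds support it.
        ssl_protocols TLSv1.2;
    }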
When creating your certificate you can concatenate certificate.crt with cabundle.crt.
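The manual bundle clean-up described above (drop the root, put the intermediates in issuing order, leaf first) can also be scripted. The following is an added example, not part of the original notes or of TransIP's tooling; it generalizes the steps to any number of intermediates and assumes each certificate's issuer Name is byte-identical to its parent's subject Name, which is the normal case. The output filename passed on the command line is a placeholder.

```python
import base64, re, sys, textwrap
from pathlib import Path

def pem_blocks(text):
    """Return every certificate in a PEM text as DER bytes, in file order."""
    pem = r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----"
    return [base64.b64decode(body) for body in re.findall(pem, text, re.S)]

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def read_tlv(buf, pos):
    """Parse the DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = read_tlv(der, 0)         # step into Certificate
    _, pos, _ = read_tlv(der, pos)       # step into TBSCertificate
    if read_tlv(der, pos)[0] == 0xA0:    # skip the optional [0] version field
        pos = read_tlv(der, pos)[2]
    fields = []                          # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def build_chain(leaf_pem, bundle_pem):
    """Leaf first, then intermediates in issuing order; self-signed roots dropped."""
    leaf = pem_blocks(leaf_pem)[0]
    pairs = [(der, *issuer_and_subject(der)) for der in pem_blocks(bundle_pem)]
    # issuer == subject marks the self-signed root (the trust anchor): leave it out
    by_subject = {subj: der for der, iss, subj in pairs if iss != subj}
    chain, wanted = [leaf], issuer_and_subject(leaf)[0]
    while wanted in by_subject:          # follow issuer -> subject links upward
        chain.append(by_subject.pop(wanted))
        wanted = issuer_and_subject(chain[-1])[0]
    return chain

if __name__ == "__main__":  # args: certificate.crt cabundle.crt output.crt
    leaf, bundle, out = map(Path, sys.argv[1:4])
    chain = build_chain(leaf.read_text(), bundle.read_text())
    out.write_text("".join(to_pem(der) for der in chain))
```

If the resulting file holds fewer certificates than expected, an intermediate is missing from the bundle and the chain could not be followed any further.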