Ubuntu 14.04 OpenSSL with Nginx – Generate & Install SSL certificate

Not the best guide, but some handy links I use to generate and install an SSL certificate with OpenSSL in NGINX.

Generate OpenSSL Request:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx

Order an SSL-certificate with the CSR

Then, when you have received the bundle plus the CRT:
https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx

Restart NGINX:
https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/

Using TransIP SSL-certificates

When using TransIP SSL certificates you get the certificate as a decrypted zip file (if you choose standard mode instead of advanced mode).

It contains:

  • cabundle.crt
  • certificate.crt
  • certificate.key
  • certificate.p7b (you don’t need this one)

Open cabundle.crt and remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Clients already have the root in their trust store, so the server does not need to send it. Then swap the order of the two remaining certificates in the bundle, otherwise SSL Labs will report a chain issue: incorrect order. Finally, concatenate certificate.crt (first) with the new cabundle.crt (second).

Then place the concatenated .crt file and the key on the server and reference them in the NGINX configuration:

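server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name www.yourdomain.nl yourdomain.nl;
    
    # "ssl on;" is redundant with "listen ... ssl" and deprecated since nginx 1.15.0.
    ssl on;
    # Chain file: server certificate first, then the intermediates.
    ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt;
    ssl_certificate_key /home/forge/ssl/domain1/20172018key.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for clients that still need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
}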

When creating your certificate you can concatenate certificate.crt with cabundle.crt.
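
The chain-file steps described above (drop the root, swap the two intermediates, put certificate.crt first) written as a script. This is an added example, not part of the original post; the function names and the output file name chain.crt are assumptions, and it expects the bundle layout the text describes.

```sh
#!/bin/sh
# Added example (not from the original post): build the nginx chain file
# from the TransIP files named above. chain.crt is an assumed output name.

# pem_count FILE: number of PEM certificate blocks in FILE.
pem_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# pem_block FILE N: print the Nth (1-based) PEM certificate block of FILE.
pem_block() {
    awk -v want="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; inblock = 1 }
        inblock && n == want          { print }
        /-----END CERTIFICATE-----/   { inblock = 0 }
    ' "$1"
}

# build_chain LEAF BUNDLE OUT
# Assumes the bundle layout the text describes: root certificate first,
# followed by two intermediates in the reverse of the required order.
build_chain() {
    if [ "$(pem_count "$1")" != 1 ]; then
        echo "expected exactly 1 certificate in $1" >&2
        return 1
    fi
    if [ "$(pem_count "$2")" != 3 ]; then
        echo "expected 3 certificates in $2 (root + 2 intermediates)" >&2
        return 1
    fi
    {
        pem_block "$1" 1    # server certificate goes first
        pem_block "$2" 3    # bundle certificates 2 and 3, swapped
        pem_block "$2" 2    # bundle certificate 1 (the root) is dropped
    } > "$3"
}

# show_chain FILE: print subject and issuer of every certificate in FILE
# (needs openssl). Each issuer should equal the subject of the next entry.
show_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}
```

Call build_chain certificate.crt cabundle.crt chain.crt, then show_chain chain.crt to confirm the order before pointing ssl_certificate at the result.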
