Ubuntu 14.04 OpenSSL with Nginx – Generate & Install SSL certificate

Not the best guide, but some handy links I use to Generate and Install an SSL-certfificate with OpenSSL in NginX.

Generate OpenSSL Request:

Order an SSL-certificate with the CSR

Then, when you received bundle plus CRT:

Restart NGINX:

Using TransIP SSL-certificates

When using TransIP SSL-certificates you get a decrypted zip SSL-certificate (if you choose for standard mode instead of advanced mode).

These contains:

  • cabundle.crt
  • certificate.crt
  • certficate.key
  • certificate.p7b (you don’t need this one)

Open cabundle.crt, remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Then, swap the order of the two certificates of the bundle, else SSL Labs will give a chain issue: incorrrect order. Then, concatenate the certificate.crt (first) with the new cabundle.crt (second).

Then insert the concatenated crt file + the key on the server and insert them in NGINX:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.yourdomain.nl yourdomain.nl;
    ssl on;
    ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt;
    ssl_certificate_key /home/forge/ssl/domain1/20172018key.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

When creating your certificate you can concatenate certificate.crt with cabundle.crt .

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top