How to generate a new ssl and configure it with nginx
In genral web developemnt, We often need to run our web applications on
https in place of
http for making our applications
more secure. Here is the example and step by step procedure to genrate a new ssl and configure it with nginx.
First step to install the openssl if not installed on your
ubuntu system just run
sudo apt-get install openssl
Generate SSl key:
First you have to create a SSL key file. To do this run the command:
openssl genrsa -out YOUR_KEY_NAME.key 2048
if you want more security you just increase the bit lengh like
If you want to add passphase with the key you can
openssl genrsa -des3 -out YOUR_KEY_NAME.key 2048 and give passpahse when ask.
Create a CSR(Certificate Signing Request) file:
To create a CSR file just run following command:
openssl req -out YOUR_CSR_FILE_NAME.csr -key YOUR_KEY_NAME.key -new -sha256
The above example create a CSR file that you have to submit to your certificate authority to verify SSL. You can validate your CSR
by running the command
openssl req -in YOUR_CSR_FILE_NAME.csr -noout -text.
If your csr file has line
Signature Algorithm: sha256WithRSAEncryption then your CSR file is valid.
Submit your CSR to SSL Authority:
Submit your CSR file to your SSL authority. They will verify CSR and provide the SSL certificates.
Certificates from NameCheap:
If you are purchasing SSL from NameCheap then the certificate include two files:
- .bundle and
- .crt file
Configure it with Nginx:
Now you have to place your
.key file on the server and write following lines in the nginx config file:
ssl on; ssl_certificate CERT_FILE_PATH; ssl_certificate_key CERT_KEY_FILE_PATH;
Restart nginx service:
sudo service nginx restart