How to generate a new ssl and configure it with nginx | Ram Laxman Yadav

How to generate a new ssl and configure it with nginx

Hello There, In genral web developemnt, We often need to run our web applications on https in place of http for making our applications more secure. Here is the example and step by step procedure to genrate a new ssl and configure it with nginx.

Install dependencies:

First step to install the openssl if not installed on your ubuntu system just run

  • sudo apt-get install openssl

Generate SSl key:

First you have to create a SSL key file. To do this run the command:

  • openssl genrsa -out YOUR_KEY_NAME.key 2048

if you want more security you just increase the bit lengh like 4096. If you want to add passphase with the key you can run command openssl genrsa -des3 -out YOUR_KEY_NAME.key 2048 and give passpahse when ask.

Create a CSR(Certificate Signing Request) file:

To create a CSR file just run following command:

  • openssl req -out YOUR_CSR_FILE_NAME.csr -key YOUR_KEY_NAME.key -new -sha256

The above example create a CSR file that you have to submit to your certificate authority to verify SSL. You can validate your CSR by running the command openssl req -in YOUR_CSR_FILE_NAME.csr -noout -text.

If your csr file has line Signature Algorithm: sha256WithRSAEncryption then your CSR file is valid.

Submit your CSR to SSL Authority:

Submit your CSR file to your SSL authority. They will verify CSR and provide the SSL certificates.

Certificates from NameCheap:

If you are purchasing SSL from NameCheap then the certificate include two files:

  • .bundle and
  • .crt file

Configure it with Nginx:

Now you have to place your .crt and .key file on the server and write following lines in the nginx config file:

    ssl on;
    ssl_certificate CERT_FILE_PATH;
    ssl_certificate_key CERT_KEY_FILE_PATH;

Restart nginx service:

sudo service nginx restart

Ram Laxman Yadav
Ram Laxman Yadav
Ruby on Rails Developer