SSL Certificate Installation on Ubuntu with Nginx|SupportPro

Prerequisites

Before you begin, ensure the following requirements are met:

Tools Required: OpenSSL

Operating System: Ubuntu

Web Server: Nginx

Assumptions

You have SSH access to your server. Your domain name is: mydomain.com Required files:

SSL Certificate: mydomain.com.cert

Required files:

SSL Certificate: mydomain.com.cert
Private Key: mydomain.com.key
CSR (Certificate Signing Request): mydomain.com.csr

Step-by-Step Installation Guide

1. Generate a Private Key

Start by creating a 2048-bit RSA private key. Log in to your server via SSH and run:

openssl genrsa -out mydomain.com.key 2048

This will generate the private key file: mydomain.com.key.

2. Generate a Certificate Signing Request (CSR)

Use the private key to generate a CSR:

openssl req -new -key mydomain.com.key -out mydomain.com.csr

You will be prompted to enter the following details:

Country Name (2-letter code)
State or Province
City or Locality
Organization Name
Organizational Unit (optional)
Common Name (your domain, e.g., mydomain.com)
Email Address

Ensure the Common Name matches your domain name exactly.

3. Purchase an SSL Certificate

Submit the generated CSR to a trusted Certificate Authority (CA) such as:

DigiCert
Comodo
Let’s Encrypt

After validation, the CA will issue your SSL certificate (mydomain.com.cert).

4. Verify the Certificate and Private Key

To ensure proper SSL functionality, confirm that the certificate, private key, and CSR match by comparing their MD5 hashes:

openssl x509 -noout -modulus -in mydomain.com.cert | openssl md5
openssl rsa -noout -modulus -in mydomain.com.key | openssl md5
openssl req -noout -modulus -in mydomain.com.csr | openssl md5

All three outputs must be identical.

5. Install the SSL Certificate in Nginx

Copy your SSL files to the Nginx directory:

sudo mkdir -p /etc/nginx/certs
sudo cp mydomain.com.* /etc/nginx/certs/

Open your Nginx virtual host configuration file:

sudo nano /etc/nginx/sites-enabled/mydomain.com

Add the following configuration inside the server {} block:

listen 443 ssl;ssl_certificate /etc/nginx/certs/mydomain.com.cert;
ssl_certificate_key /etc/nginx/certs/mydomain.com.key;

Save the file and restart Nginx:

sudo systemctl restart nginx

Important Notes

Always keep a secure backup of your private key (.key file).
Losing the private key means you must generate a new CSR and reissue the SSL certificate.
Ensure proper file permissions to protect sensitive key files.

Conclusion

Once completed, your SSL certificate will be successfully installed, enabling secure HTTPS connections for your domain. You can verify the installation by visiting: