- \n
- Domain names should be registered in order to serve the certificates by SNI.<\/li>\n\n\n\n
- Root Privileges to the server.<\/li>\n\n\n\n
- Nginx should already be installed and running on your VPS<\/li>\n<\/ol>\n\n\n\n
To install Nginx:<\/strong><\/p>\n\n\n\n
# sudo apt-get install nginx<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Make sure that SNI is enabled in the server<\/strong><\/p>\n\n\n\n
# nginx -V ; which displays the version and the status.<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Set up Process<\/h2>\n\n\n\n
1. Create the SSL certificate Directory<\/h3>\n\n\n\n
For easy understanding, I will be working to create a server that hosts both example.com and example.org.<\/p>\n\n\n\n
The SSL certificate has 2 parts main parts: the certificate itself and the public key. We should create a directory for each virtual hosts SSL certificate.<\/p>\n\n\n\n
# mkdir -p \/etc\/nginx\/ssl\/example.com\n# mkdir -p \/etc\/nginx\/ssl\/example.org<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
2. Create the Server Key and Certificate Signing Request<\/h3>\n\n\n\n
First, we create SSL certificate for example.com<\/p>\n\n\n\n
# cd \/etc\/nginx\/ssl\/example.com<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Now, create the private server key. You will be asked to enter a pass-phrase, which is needed later to access the certificate.<\/p>\n\n\n\n
# sudo openssl genrsa -des3 -out server.key 1024<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Create certificate signing request :<\/p>\n\n\n\n
# sudo openssl req -new -key server.key -out server.csr<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
This will prompt terminal to display a lists of fields that need to be filled in.<\/p>\n\n\n\n
3. Remove the Passphrase<\/h3>\n\n\n\n
We need to remove the passphrase. Although having the passphrase in place does provide heightened security, the issue starts when one tries to reload nginx. In the event that nginx crashes or needs to reboot, you will always have to re-enter your passphrase to get your entire web server back online.<\/p>\n\n\n\n
# sudo cp server.key server.key.org\n# sudo openssl rsa -in server.key.org -out server.key<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
4. Sign your SSL Certificate<\/h3>\n\n\n\n
# sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
This certificate will expire after one year.<\/p>\n\n\n\n
We have done with the certificate in the first host.<\/p>\n\n\n\n
To create the certificate in the first host : switch the directory<\/p>\n\n\n\n
# cd \/etc\/nginx\/ssl\/example.org<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Repeat the previous three steps for the second certificate. Once it is finished, we can start adding the certificates to your virtual hosts.<\/p>\n\n\n\n
5. Create the Virtual Hosts<\/h3>\n\n\n\n
Once we have the certificates saved, we can add in our information in the virtual host file.<\/p>\n\n\n\n
server {\nlisten 443;\n\nserver_name example.com;\n\nroot \/usr\/share\/nginx\/www;\n\nindex index.html index.htm;\n\nssl on;\n\nssl_certificate \/etc\/nginx\/ssl\/example.com\/server.crt;\n\nssl_certificate_key \/etc\/nginx\/ssl\/example.com\/server.key;\n\n}<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Each file will then contain the virtual host configuration as follows:<\/p>\n\n\n\n
server {\nlisten 443;\n\nserver_name example.com;\n\nroot \/usr\/share\/nginx\/www;\n\nindex index.html index.htm;\n\nssl on;\n\nssl_certificate \/etc\/nginx\/ssl\/example.com\/server.crt;\n\nssl_certificate_key \/etc\/nginx\/ssl\/example.com\/server.key;\n\n}<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
Make sure that you have updated server_name, ssl_certificate, and ssl_certificate_key lines to match your details.<\/p>\n\n\n\n
Do the same for the second account :<\/p>\n\n\n\n
# sudo nano \/etc\/nginx\/sites-available\/example.org<\/code><\/pre>\n\n\n\nserver {\nlisten 443;\n\nserver_name example.org;\n\nroot {Specify the document root for example.org};\n\nindex index.html index.htm;\n\nssl on;\n\nssl_certificate \/etc\/nginx\/ssl\/example.org\/server.crt;\n\nssl_certificate_key \/etc\/nginx\/ssl\/example.org\/server.key;\n\n}<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
6. Activate the Virtual Hosts<\/h3>\n\n\n\n
Now, activate the hosts by creating a symbolic link between the sites-available directory and the sites-enabled directory.<\/p>\n\n\n\n
# sudo ln -s \/etc\/nginx\/sites-available\/example.com \/etc\/nginx\/sites-enabled\/example.com\n# sudo ln -s \/etc\/nginx\/sites-available\/example.org \/etc\/nginx\/sites-enabled\/example.org<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
7. Restart nginx<\/h3>\n\n\n\n
# sudo service nginx restart<\/code><\/pre>\n\n\n\n<\/blockquote>\n\n\n\n
You should now be able to access both sites, each with its own domain name and SSL certificate.<\/p>\n\n\n\n
If you require help, contact SupportPRO Server Admin<\/a><\/p>\n\n\n\n
\nFacing issues? <\/p>\n\n\n\n
Our technical support
engineers can solve it. <\/p>\n\n\n\n![\"Contact](\"https:\/\/no-cache.hubspot.com\/cta\/default\/2725694\/3350a795-db50-482f-9911-301930d1b1be.png\")
<\/a><\/span>