Before you begin
Prerequisites :
- Must have the certificates provided by the Certificate Authority
- Must have the Private Key
Setup and Configure
1. Bundle the Certificate files received from CA
cat <ssl_certificate_from_ca> <intermediate_certificate_from_ca> >> <filename_bundled_ssl_certificate>
2. Upload the SSL Certificate Bundle and Private Key to the Server
scp <bundled_ssl_certificate> <user>@<host>:/home/ubuntu/ scp <private_key> <user>@<host>:/home/ubuntu/
3. SSH to the Server
$ ssh-add <private_key>; $ ssh <user>@<host>;
4. Move the SSL Certificates to /etc/ssl
sudo mv /home/ubuntu/<bundled_ssl_certificate> /etc/ssl sudo mv /home/ubuntu/<private_key> /etc/ssl
5. Change file permissions
sudo chmod 644 /etc/ssl/<bundled_ssl_certificate> sudo chmod 644 /etc/ssl/<private_key>
6. Configure the Nginx configuration for your domain that will be using the SSL Certificates
sudo nano /etc/nginx/sites-available/default
server {
...
# Enter the following in the server block
# ---------------
# SSL
# ---------------
listen 443 ssl;
ssl_certificate /etc/ssl/<bundled_ssl_certificate>;
ssl_certificate_key /etc/ssl/<private_key>;
# ----------------
# Redirect to HTTPS
# ----------------
if ($scheme = 'http') {
return 301 https://$host$request_uri;
}
...
}