Before you begin
Prerequisites :
- Must have the certificates provided by the Certificate Authority
- Must have the Private Key
Setup and Configure
1. Bundle the Certificate files received from CA
1 | cat <ssl_certificate_from_ca> <intermediate_certificate_from_ca> >> <filename_bundled_ssl_certificate> |
2. Upload the SSL Certificate Bundle and Private Key to the Server
1 | scp <bundled_ssl_certificate> <user>@<host>:/home/ubuntu/ |
2 | scp <private_key> <user>@<host>:/home/ubuntu/ |
3. SSH to the Server
1 | $ ssh-add <private_key>; |
2 | $ ssh <user>@<host>; |
4. Move the SSL Certificates to /etc/ssl
1 | sudo mv /home/ubuntu/<bundled_ssl_certificate> /etc/ssl |
2 | sudo mv /home/ubuntu/<private_key> /etc/ssl |
5. Change file permissions
1 | sudo chmod 644 /etc/ssl/<bundled_ssl_certificate> |
2 | sudo chmod 644 /etc/ssl/<private_key> |
6. Configure the Nginx configuration for your domain that will be using the SSL Certificates
01 | sudo nano /etc/nginx/sites-available/default |
02 |
03 | server { |
04 | ... |
05 |
06 | # Enter the following in the server block |
07 |
08 | # --------------- |
09 | # SSL |
10 | # --------------- |
11 | listen 443 ssl; |
12 |
13 | ssl_certificate /etc/ssl/<bundled_ssl_certificate>; |
14 | ssl_certificate_key /etc/ssl/<private_key>; |
15 |
16 | # ---------------- |
17 | # Redirect to HTTPS |
18 | # ---------------- |
19 | if ($scheme = 'http') { |
20 | return 301 https://$host$request_uri; |
21 | } |
22 |
23 | ... |
24 | } |
