How to create and install SSL on Nginx Debian

In order to create an SSL certificate and install it on your website, the main requirement is that you have purchased an SSL service so that it can be activated on your website.

There are many inexpensive SSL providers, with prices ranging from 50 thousand to 10 million / year ($5-$78 / year).


In this example, the author uses the services of ssls.com.

Here are the steps:

1. Sign up on the website of the SSL provider, then in the first step you will be asked to create a CSR (Certificate Signing Request).

Create folders, server key files, and CSR files

2. Now create the CSR file on the server we are using. First, create a new directory to store the SSL certificate files.

sudo mkdir /etc/nginx/sslinwepo

3. Next, change to the directory you have created.

cd /etc/nginx/sslinwepo

4. Create a server key using the following command:

sudo openssl genrsa -des3 -out server.key 2048

You will be prompted for a new passphrase.

5. Create CSR.

sudo openssl req -new -key server.key -out server.csr

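6. Remove the passphrase from the key. The resulting server.key is unencrypted, so keep it readable only by root; server.key.org keeps the passphrase-protected copy.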

sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

7. Sign the CSR with the server key to create a self-signed certificate (server.crt), valid for 365 days.

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Upload the CSR to the SSL service

8. Open your server.csr file and paste its contents into the SSL service.

cat server.csr

Go back to the SSL service (step 1.), paste the CSR, then click “Read my CSR” to continue.

9. Next, select “ANY OTHER SERVER (EX.APACHE / NGINX)” if you are installing on an Apache / Nginx server. Once you have decided, continue with “Looks good”.

Then continue with “FURTHER”.

10. Now select the verification method: “E-MAIL RECEIVED” if you want to confirm by email, or “UPLOAD DATA” if you want to verify by uploading a file to the server.

The author chose email. Then continue with “IT CONTINUES”.

11. Open the confirmation email, click the link “Here”, then enter the validation code.

12. When the verification process is complete, wait about half an hour and then log in to your SSL provider account. If the status is shown as active, the certificate can be used. Click on the number to download the files to be installed on our server.

13. Download the SSL file and upload it to your server, placing it in the directory /etc/nginx/sslinwepo.

Extract the zip file you uploaded to the server.

unzip inwepo.zip

14. After uploading, merge these 3 SSL files with the command:

cat inwepo.co.crt inwepo.co.p7b inwepo.co.ca-bundle > ssl-bundle.crt

Once the bundle is created, install it: open the nginx configuration file and add the following:

server {
    # "listen 443 ssl;" replaces the older "listen 443; ssl on;" form
    listen 443 ssl;
    ssl_certificate /etc/nginx/sslinwepo/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/sslinwepo/server.key;
    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them if your clients allow it
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

15. Test the nginx configuration for errors.

nginx -t

16. If there are none, restart or reload nginx.

sudo /etc/init.d/nginx restart

or

sudo /etc/init.d/nginx reload

Complete.

If you get an error message like the following on nginx:

nginx: [emerg] PEM_read_bio_X509("/etc/nginx/sslinwepo/ssl-bundle.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)

open the file ssl-bundle.crt for editing:

nano ssl-bundle.crt

Then scroll down and check whether an END line and a BEGIN line have been merged onto one line (not separated by a line break). If so, press Enter between them so that each marker is on its own line.

Save and test again.
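The "bad end line" error appears when one of the merged files does not end with a newline, so plain cat glues its END marker to the next file's BEGIN marker. The following is an added example, not part of the original article, that merges PEM files newline-safely and counts glued markers; the function names and the fake certificate bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the fake
# certificate bodies in demo() are constructed for illustration.

# Print one PEM file with CRs removed and every BEGIN/END marker on its own line.
normalize_pem() {
    tr -d '\r' < "$1" | awk '{
        gsub(/-----(BEGIN|END) [A-Z0-9 ]*-----/, "\n&\n")
        n = split($0, part, "\n")
        for (i = 1; i <= n; i++) if (part[i] != "") print part[i]
    }'
}

# Concatenate PEM files in the given order (server certificate first).
# With the article's file names:
#   merge_pem inwepo.co.crt inwepo.co.p7b inwepo.co.ca-bundle > ssl-bundle.crt
merge_pem() {
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
        normalize_pem "$f"
    done
}

# Count lines where a marker is glued to other text, the cause of
# "PEM_read_bio:bad end line". Prints 0 for a clean bundle.
count_merged() {
    grep -c -e '-----END [A-Z0-9 ]*-----.' \
            -e '.-----BEGIN [A-Z0-9 ]*-----' "$1" || true
}

# Constructed demo: two fake PEM files, the first without a trailing newline.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'QUJD' \
        '-----END CERTIFICATE-----' > "$dir/site.crt"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'REVG' \
        '-----END CERTIFICATE-----' > "$dir/ca.crt"
    cat "$dir/site.crt" "$dir/ca.crt" > "$dir/naive.crt"         # plain cat
    merge_pem "$dir/site.crt" "$dir/ca.crt" > "$dir/bundle.crt"  # newline-safe
    echo "plain cat: $(count_merged "$dir/naive.crt") merged line(s)"
    echo "merge_pem: $(count_merged "$dir/bundle.crt") merged line(s)"
    rm -rf "$dir"
}
demo
```

Running normalize_pem on an already broken ssl-bundle.crt and saving the output to a new file gives the same result as the manual edit in nano.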

Additionally: to harden SSL, you can restrict the cipher suites nginx offers by changing its configuration. Add:

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/sslinwepo/dhparams.pem;

The ssl_dhparam directive points to a Diffie-Hellman parameter file that must already exist at that path (the steps above do not create it); otherwise nginx -t fails.





