Introduction
This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The main benefit of using a purchased SSL certificate from a trusted CA, over self-signed certificates, is that your site’s visitors will not be presented with a scary warning about not being able to verify your site’s identity.
-
GoDaddy
GoDaddy is the worlds largest and trusted domain registrar. GoDaddy is a popular CA, and has all of the basic certificate types.
Certificate Types
There are 3 types of SSL Certificate available. Here is a short description of each type:
- Single Domain: Used for a single domain, e.g.
test.com
. Note that additional subdomains, such aswww.test.com
, are not included - Wildcard: Used for a domain and any of its subdomains. For eg, a wildcard certificate for
*.test.com
can also be used forwww.test.com
andload.test.com
- Multiple Domain: Known as a SAN or UC certificate, these can be used with multiple domains and subdomains that are added to the Subject Alternative Name field. For test, a single multi-domain certificate could be used with
test.com
,www.test.com
, andtest.net
Our website name is test.com
Prerequisites:
Registered Domain Name
Before acquiring an SSL certificate, you must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).
Web Server
you will need a web server to install the SSL certificate on. This is the server that is reachable at the domain name for which the SSL certificate will be issued for. this may be an Apache HTTP, Nginx server. If you need help setting up a web server Please click the link to
1. Set up a web server of your choice. For test, a LEMP (Nginx) or LAMP (Apache) server–be sure to configure the web server .
Generate a CSR and private Key
To generate a certificate signing request (CSR) we can use the following command
Replace the test.com with your relevant Domain name to create test.com.key and test.com.csr
Openssl req -newkey rsa:2048 -nodes -keyout test.com.key -out test.com.csr
It will ask for Details regarding CountryName, State etc., Please enter Your details.
This will generate 2 files (.key and .csr)
Go to GoDaddy’s SSL certificate page:https://www.godaddy.com/ssl/ssl-certificates.aspx
And register for the ssl certificate by giving the generate .csr file which we created.
Next download the ssl certificte from godaddy , Click on activate now
you’ll be asked to select the server type select nginx and download the Zip file.
Once the zip is extracted you should get 2 files one will be 1235454xxxx.crt and another will look like gd.bundle-g2-1.crt
Rename the 1st file that is 123xx.crt to you domainame.crt (test.com.crt) and gd.bundle-g2-1.crt as ( intermediate.crt)
Assume the following extracted keys are in /etc/nginx/ssl directory
- 1 . The private key called as test.com.key
-
The SSL certificate called as test.com.crt and
-
The CA intemediate certificate called as intermediate.crt
-
using this we will configure and add SSL certificate in Nginx Config file
Execute the following command to combine 2 keys into one as new.test.crt
cat test.com.crt intermediate.crt> new.test.crt
Now goto Nginx Config File
cd /etc/nginx/sites-enabled
Assuming you want to add ssl certiicate to your default.conf( in your case it will be (domainname.conf) or you can create one
sudo vi default.conf
Find and modify the ssl line it should look like this
listen 443 ssl;
Then find the servername column and (replace the highlighted path and name with your own details).
servername test.com
ssl_certificate
/etc/nginx/ssl/new.test.crt ssl_certificate_key /etc/nginx/ssl/test.com.key
If you want HTTP traffic to redirect to HTTPS, you can add this additional server block at the top of the file (replace the highlighted parts with your own information):
server {
Listen 80 ;
servername test.com
rewrite ^/(.*) https://test.com/$1 permanent;
}
then save and quit (:wq!)
use the following cmd to check configurations and restart the nginx service
sudo nginx -T sudo service nginx restart
Conculsion
Clear the Cache memory from you browser and type https://test.com
you should see encryption sign for you website and try accessing website with http://test.com it should automatically redirect your website to https;//test.com
😎 😎 😎