How to add SSL certificate provided by GoDaddy to a website running on Nginx?

VijayKumar Tuts No Comments

Introduction

 

This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The main benefit of using a purchased SSL certificate from a trusted CA, over self-signed certificates, is that your site’s visitors will not be presented with a scary warning about not being able to verify your site’s identity.

 

  • GoDaddy

   GoDaddy is the worlds largest and trusted domain registrar. GoDaddy is a popular CA, and has all of the basic certificate types.

 

Certificate Types

There are 3 types of SSL Certificate available.  Here is a short description of each type:

  • Single Domain: Used for a single domain, e.g. test.com. Note that additional subdomains, such as www.test.com, are not included
  • Wildcard: Used for a domain and any of its subdomains. For eg, a wildcard certificate for *.test.com can also be used for www.test.com and load.test.com
  • Multiple Domain: Known as a SAN or UC certificate, these can be used with multiple domains and subdomains that are added to the Subject Alternative Name field. For test, a single multi-domain certificate could be used with test.com, www.test.com, and test.net

Our website name is test.com

Prerequisites:

 

Registered Domain Name

Before acquiring an SSL certificate, you must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).

Web Server

you will need a web server to install the SSL certificate on. This is the server that is reachable at the domain name for which the SSL certificate will be issued for. this may  be an Apache HTTP, Nginx server. If you need help setting up a web server Please click the link to

1. Set up a web server of your choice. For test, a LEMP (Nginx) or LAMP (Apache) server–be sure to configure the web server .

 

Generate a CSR and private Key

 

To generate a certificate signing request (CSR) we can use the following command

Replace the test.com with your relevant Domain name to create test.com.key and test.com.csr

Openssl req -newkey rsa:2048 -nodes -keyout test.com.key -out test.com.csr

It will ask for Details regarding CountryName, State etc.,  Please enter Your details.

This will generate 2 files (.key and .csr)

Go to GoDaddy’s SSL certificate page:https://www.godaddy.com/ssl/ssl-certificates.aspx

And register for the ssl certificate by giving the generate .csr file which we created.

Next download the ssl certificte from godaddy , Click on activate now

you’ll be asked to select the server type select nginx and download the Zip file.

Once the zip is extracted you should get 2 files one will be 1235454xxxx.crt and another will look like gd.bundle-g2-1.crt

Rename the 1st file that is 123xx.crt to you domainame.crt (test.com.crt) and gd.bundle-g2-1.crt as ( intermediate.crt)

Assume the following extracted keys are in /etc/nginx/ssl directory

  • 1 . The private key called as test.com.key

  1. The SSL certificate called as test.com.crt and

  2. The CA intemediate certificate called as intermediate.crt

  3. using this we will configure and add SSL certificate in Nginx Config file

Execute the following command to combine 2 keys into one as new.test.crt

cat test.com.crt intermediate.crt> new.test.crt

Now goto Nginx Config File

cd /etc/nginx/sites-enabled

Assuming you want to add ssl certiicate to your default.conf( in your case it will be (domainname.conf) or you can create one

sudo vi default.conf

Find and modify the ssl line it should look like this

listen 443 ssl;

Then find the servername column and (replace the highlighted path and name with your own details).

servername test.com
ssl_certificate /etc/nginx/ssl/new.test.crt ssl_certificate_key /etc/nginx/ssl/test.com.key

If you want HTTP traffic to redirect to HTTPS, you can add this additional server block at the top of the file (replace the highlighted parts with your own information):

server {
   Listen 80 ;
   servername test.com
   rewrite ^/(.*) https://test.com/$1 permanent;
}

then save and quit (:wq!)

use the following cmd to check configurations and restart the nginx service

sudo nginx -T
sudo service nginx restart

Conculsion

Clear the Cache memory from you browser and type https://test.com
you should see encryption sign for you website and try accessing website with http://test.com it should automatically redirect your website to https;//test.com

😎 😎 😎