How to Install a TLS/SSL Certificate In Nginx

The following instructions will guide you through the SSL Certificate installation process on Nginx. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure.

What You'll Need

  1. Your server certificate file
    This is the TrustCor certificate you received for your domain.
  2. Your intermediate certificate(s)
    These files allow the devices connecting to your server to identify TrustCor as the issuing CA. There may be more than one of these certificates. If you downloaded the pem-chain file, it will also contain the Intermediate certificate(s) bundled with your domain's certificate.
  3. Your private key
    This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Installation Instructions

  1. Copy your Certificate files
    Copy your Certificate files into the proper directory on your server.
  2. Link your files
    You need to link the two certificates or "chain them together" into a single file by entering the command below:

    cat your_domain_name.crt Intermediate.crt >> bundle.crt
  3. Edit the Nginx virtual hosts file
    Edit your Nginx virtual host file for the website you are securing.

    If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection.

    Make a copy of the existing non-secure server module and paste it below the original. Add the lines shown below:

    server {
        ssl on;
        ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
        ssl_certificate_key /etc/ssl/your_domain_name.key;
        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log /var/log/nginx/nginx.vhost.error.log;
        location / {
            root  /home/www/public_html/;
            index  index.html;
  4. Important — Make sure you adjust the file names to match your certificate files:
    • ssl_certificate should be your primary certificate combined with the root & intermediate certificate bundle that you made in the previous step (e.g. your_domain.crt).
    • ssl_certificate_key should be the key file generated when you created the CSR.
  5. Restart Nginx
    Restart Nginx using the command line below:

    sudo /etc/init.d/nginx restart

Your certificate is now installed. You can navigate to your site in a web browser and view the certificate/site information to verify if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.