SQL Complex Queries

How to Install Comodo PositiveSSL Certificate on Nginx with Ease

Amit S June 20, 2023 No Comments

SSL certificates serve as digital passports for websites. They’re digital certificates built to establish secure connections between web servers and users’ browsers to establish trust.

Notably, 85% of internet users actively avoid unsecured websites. In fact, many seek HTTPS and the padlock symbol in the URL before proceeding with a connection.

To ensure the confidentiality and integrity of data transmitted on your website, installing an SSL certificate on your server is imperative. Incidentally, search engines like Google consider HTTPS encryption as a ranking signal. This alone makes the installation of an SSL Certificate essential for improving your website’s online visibility and, ultimately, user engagement.

How do you Install Comodo Positive SSL Certificate on Nginx?

Getting an SSL certificate in 2023 is a breeze compared to the past. Today, SSL certificates are quite affordable, with entry-level options available for as low as $8 to $12 per year.

This widely depends on your vendor, though. Perhaps, the only twist is in the setup process.

If you are not good at server configurations, you may find the set up process a little daunting. You do not have to worry though if you’re using Nginx. Follow these steps to install Comodo Positive SSL certificate on Nginx.

  • Step 1: Check to ensure that Nginx is fully and correctly installed on your system.
  • Step 2: Run this command to generate your private key and CSR (Certificate Signing Request):

openssl req -new -newkey rsa:2048 -nodes -keyout domainname_com.key -out domainname_com.csr

You will get two files:

  1. DOMAINNAME_COM.KEY: Your Private Key (needed for Nginx configuration).
  2. DOMAINNAME_COM.CSR: Your CSR file.
  • Step 3: Purchase an SSL certificate. Once you complete the order process, you’ll have to complete the configuration process and domain approval process. After that, the CA will send a zip file attached to your registered email. A zip file containing the following files:
  1. Root CA Certificate: AddTrustExternalCARoot.crt
  2. Intermediate CA Certificate: COMODORSAAddTrustCA.crt
  3. Intermediate CA Certificate: COMODORSADomainValidationSecureServerCA.crt
  4. Your PositiveSSL Certificate: www_domainname_com.crt (or the subdomain you provided)
  • Step 4: Combine all the certificate files into a single file. Nginx requires the certificate and CA chain to be combined. Use the following command if you have individual certificate files:

cat www_domainname_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

  • If you have a .crt and .ca-bundle file, use the following command:

cat www_domainname_com.crt www_domainname_com.ca-bundle > ssl-bundle.crt

You can as well use a GUI-based text editor to combine the files.

  • Step 5: Configure your Nginx Virtual Host. Follow these steps:
  1. Transfer the newly created SSL-bundle.crt file to the directory where you save certificate files (e.g., /etc/ssl/certs/ for Ubuntu or /usr/local/ssl/certs for Windows).
  2. Edit the configuration file of your website. Find it in /etc/nginx/sites-available/. Alternatively, check; /usr/local/nginx/sites-available/.
  3. These options must be set correctly in the configuration file:

server {

listen 443;

server_name domainname.com;

ssl on;

ssl_certificate /etc/ssl/certs/ssl-bundle.crt;

ssl_certificate_key /etc/ssl/private/domainname.key;

ssl_prefer_server_ciphers on;

}

  1. Replace domainname.com with your actual domain name. Replace the domain name.key with your private key file path.
  • Step 6: Restart Nginx to apply the changes.

How do I Ensure SSL Certificate is Installed Correctly?

Browsers like Google Chrome will trigger SSL error warnings like mismatched domain names, incomplete certificate chains or expired certificates if your SSL certificate isn’t installed correctly. These errors may discourage visitors. 

They may also interfere with your rankings on results pages. Here are simple ways to check if your SSL certificate has been installed correctly;

  • Check the browser’s address bar: Type your website URL in a browser. The URL should begin with https://. Not http://. A padlock icon should also be displayed. This verifies the secure connection.
  • Verify certificate details: You can check your certificate details by clicking on the padlock icon. The certificate should also be valid, and not expired.
  • Use SSL/TLS checker tools: There are online SSL/TLS checker tools that you can use to scan your website. The scan result will reveal detailed information about your SSL certificate’s validity. It will also show the expiration date, and any potential errors. Popular tools include SSL Labs’ SSL Server Test and the Qualys SSL Server Test.
  • Online SSL validation services: Certificate authorities and other organizations offer online SSL validation services that allow you to input your website’s URL and receive a validation report. These services can help identify any configuration or installation issues.
  • Check browser warnings: Try accessing your website URL on different browsers and devices. Ensure no warning messages or errors are displayed when accessing it. Common browser warnings include “Your connection is not private” or “Invalid certificate.”

Closing Thoughts :

Installing an SSL certificate on Nginx may seem frustrating. However, it is all worth it in the end. So, if you’ve not yet made the switch from HTTP to HTTPS, act today. A valid SSL certificate will not only safeguard your website but also the privacy of customers who trust you with their confidential information.

Leave a Reply

Your email address will not be published. Required fields are marked *