Wednesday, March 29, 2017

how to install positive ssl on your website using nginx webserver

Now a days SSL is mandatory to encrypt information of website and also validate server identities to their visitors. If any site has no ssl, during user login most of the popular browser show that "this connection is not secure".



So I had bought positive SSL from namecheap for 9 dollar. This support single domain like mashy.me and www.mashpy.me

To setup ssl first you have to generate CSR and private key. From the terminal write -
$ cd ~
$ openssl req -newkey rsa:2048 -nodes -keyout mashpy.me.key -out mashpy.me.csr

You will get some question like this -

Country Name (2 letter code) [AU]: BD
State or Province Name (full name) [Some-State]:Dhaka
Locality Name (eg, city) []: Dhaka
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company
Organizational Unit Name (eg, section) []: blog
Common Name (e.g. server FQDN or YOUR name) []: mashpy.me
Email Address []: abc@example.com

Here common name is so much important. You have to put domain name there.

Login you ssl service provider and you have to input csr code there and have to apply for approval ssl. write -
$ cat mashpy.me.csr
Copy the text and put it on the namecheap positive ssl and apply.


Within 24 hours they will send you a zip file which includes www_mashpy_me.ca-bundle www_mashpy_me.crt

Now we have to merge the text of these two files.

$ cat www_mashpy_me.ca-bundle www_mashpy_me.crt > mashpy.me.chained.crt

We have to put our two files mashpy.me.chained.crt, mashpy.me.key to here  -
 /etc/nginx/ssl/mashpy


Suppose on nginx your server block is -

server {
  listen 80 default deferred;
  server_name www.mashpy.me mashpy;
  root /home/ubuntu/apps/mashpy_production/current/public;

}


We have to change it like this -

Suppose on nginx your server block is -

server {
  listen 80 default deferred;
  server_name www.mashpy.me mashpy;
  root /home/ubuntu/apps/mashpy_production/current/public;


  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/mashpy/mashpy.me.chained.crt
  ssl_certificate_key /etc/nginx/ssl/mashpy/mashpy.me.key;

}

Now restart you nginx server. 

$ sudo service nginx restart

Now browse your site using https://mashpy.me . Hope it will work. If you have any question, don't hesitate to ask on the comment box.







No comments:

Post a Comment