How to install SSL on CentOS-7.3 with Nginx server

What is SSL

SSL, or Secure Sockets Layer, is an Internet security technology based on encryption. It was created by Netscape in 1995 to provide privacy, authentication, and data integrity for Internet interactions. SSL is the forerunner of the current TLS encryption protocol.

A certificate that is self-signed will encrypt communications between your server and any clients. Users cannot use the certificate to automatically authenticate the identity of your server, since it is not certified by any of the trustworthy certificate authorities available in web browsers.

If you do not have a domain name linked with your server and the encrypted web interface is not user-facing, a self-signed certificate may be suitable.

Prerequisites:

  • yum should be configured
  • Internet should be working on the machine
  • Superuser or a normal user with sudo privileges

OS and other important files:

  • We have used CentOS with Nginx server
  • Default Configuration file: /etc/nginx/nginx.conf
  • SSL Virtual Host file: /etc/nginx/nginx.conf

Steps to install the SSL:

Step 1: Install the nginx server on your CentOS server using the commands below.

yum install epel-release -y
yum install nginx -y

Note: nginx is not available in the default repositories, which is why we installed the EPEL repository before installing nginx.

Step 2: Start and enable the nginx service on your server so that you can use the nginx services

systemctl start nginx
systemctl enable nginx

Step 3: To check whether the nginx service is running, open a browser and go to your server's IP address, as shown below.

Step 4: To generate a CSR, we need to install the openssl and mod_ssl packages.

yum install openssl mod_ssl -y

Step 5: To test the nginx server with a sample page, go to the /var/www/html directory, create an index.html file, and paste the content shown in the screenshot below.

vim /var/www/html/index.html

Step 6: Now generate the SSL certificate signing request (CSR) using the command below.

openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

Note:

  • Here you will be asked to enter a few details. Please enter them accordingly.
  • The above command will create a CSR file and a private key file in the current working directory. Because of the -nodes option the key is written unencrypted, so keep it on the server and readable only by its owner.
  • In the Common Name field, you must include an asterisk for the subdomain if you are requesting a wildcard SSL certificate. In that scenario, *.mydomain.com may serve as an example. Never enter special characters in this field, including "http://", "https://", or any other variation. Never add text after the top-level domain. Your common name, for instance, should end in .com, .net, or whichever extension you are requesting.

Congratulations, a CSR file has been generated.

When getting an SSL certificate, you must copy and paste the whole contents of the CSR file to your Certificate Authority.
The lines that say "BEGIN CERTIFICATE REQUEST" and "END CERTIFICATE REQUEST" must be included.

Step 7: Download the validation file from the SSL panel.

Step 7: To set up the virtual host to serve the new certificate, open the nginx.conf file and uncomment the lines shown below.

vim /etc/nginx/nginx.conf

server {
    listen       443 ssl http2;
    listen       [::]:443 ssl http2;
    server_name  _;
    root         /var/www/html;

    ssl_certificate "/etc/pki/tls/certs/apache-selfsign...";
    ssl_certificate_key "/etc/pki/tls/private/apache-selfsigned.key";

    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

Please make sure to give the path of the newly downloaded authentication file in the ssl_certificate directive and the key file path in the ssl_certificate_key directive.

Step 8: Now restart the nginx service, then open your browser and browse to https://server_IP
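
The checks below cover Step 6 and Step 8 as an added example that is not part of the original guide: they create the key and CSR without prompts, confirm the CSR's self-signature, and confirm that a CSR or an issued certificate carries the same public key as the private key. The function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are
# illustrative; pass your own domain and output directory.

# make_csr DOMAIN DIR: write DIR/DOMAIN.key and DIR/DOMAIN.csr without prompts.
make_csr() {
    (
        umask 077   # files created here are readable by the owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" -subj "/CN=$1" 2>/dev/null
    )
}

# csr_ok CSR: succeed only if the CSR's self-signature verifies.
# The result is matched on the message rather than on the exit status alone.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# pubkey_digest KIND FILE: SHA-256 of the public key in a key, csr or crt file.
pubkey_digest() {
    case $1 in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1          # unreadable or invalid file
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# same_key KIND FILE KEY: succeed only if FILE (csr or crt) carries the
# public key that belongs to the private key KEY.
same_key() {
    a=$(pubkey_digest "$1" "$2") && b=$(pubkey_digest key "$3") && [ "$a" = "$b" ]
}
```

Run csr_ok and same_key csr before sending the CSR to the Certificate Authority, and same_key crt followed by nginx -t before restarting nginx in Step 8.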

SSL installed home page
