1.2 KiB
Executable file
1.2 KiB
Executable file
Get the required files
You can buy a SSL certificate from a trusted Certificate Authority or generate your own. For self signed certificates the browser will show a warning that the certificate is not trusted.
The files required are
- Certificate (usually with extension .crt)
- Decrypted private key
If you have multiple certificates (primary and intermediate), you will have to concatenate them. For example,
cat your_certificate.crt CA.crt >> certificate_bundle.crt
Also make sure that your private key is not world readable. Generally, it is owned and readable only by root
chown root private.key
chmod 600 private.key
Move the two files to an appropriate location
mkdir /etc/nginx/conf.d/ssl
mv private.key /etc/nginx/conf.d/ssl/private.key
mv certificate_bundle.crt /etc/nginx/conf.d/ssl/certificate_bundle.crt
Setup nginx config
Set the paths to the certificate and private key for your site
bench set-ssl-certificate site1.local /etc/nginx/ssl/certificate_bundle.crt
bench set-ssl-key site1.local /etc/nginx/ssl/private.key
Generate nginx config
bench setup nginx
Reload nginx
service nginx reload
or
systemctl reload nginx # for CentOS 7