Monthly Archives: December 2014

Install SSL certificate for Nginx

Recently I bought an SSL certificate for this blog from MegaSSLStore. My website is hosted on a FreeBSD machine and served by the Nginx web server. In order to install the certificate on this machine, I downloaded the certificate and the CSR+private key from MegaSSLStore and copied them to my server in /usr/local/etc/nginx/ssl.

Because I have a .crt certificate and also a ca-bundle, I need to combine these two files into one certificate:

After this, I changed the nginx website configuration file in order to redirect all the traffic that comes in on http (port 80) to https (port 443).

In my website .conf file, I added a new server section in which I specified that all the traffic that comes in on port 80 is redirected to https, using the HTTP response code 301 (Moved Permanently). Also, in the old server section I removed the “listen 80” directive and added “listen 443 ssl”.

The next step is to add the certificates into the configuration file. So, again in the nginx configuration of the website:

If you use the default nginx config file, you will probably have a line like:

I replaced this line with:

in order to avoid some vulnerabilities in old versions of SSL. I also removed the old ‘ssl_ciphers’ line, which contained some weak ciphers, and replaced it with:

After this I reloaded the nginx config file with:

In my case, I was using a CDN to deliver some assets (js, css files or images), but because it was served over http I disabled it in order not to have mixed content on the same page, until I also add the certificates to the CDN subdomain.
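The steps described above, put together as one added example (this is not the author's original configuration, whose snippets are missing from this page). The domain example.com, the certificate and key file names, and the protocol and cipher values are assumptions chosen for illustration.

```nginx
# Added example; example.com, the file names and the protocol/cipher
# values below are assumptions, not taken from the original post.
#
# Chained certificate built beforehand. nginx expects the server
# certificate first, followed by the CA bundle:
#   cd /usr/local/etc/nginx/ssl
#   cat example.com.crt example.com.ca-bundle > example.com.chained.crt
#   chmod 600 example.com.key    # private key readable by its owner only

# Plain-HTTP server: its only job is the 301 redirect to HTTPS.
server {
    listen 80;
    server_name example.com www.example.com;
    # Fixed host name rather than $host, so the redirect target
    # never depends on a client-supplied Host header.
    return 301 https://example.com$request_uri;
}

# HTTPS server: "listen 80" replaced by "listen 443 ssl".
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /usr/local/etc/nginx/ssl/example.com.chained.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/example.com.key;

    # Weak form (constructed "before"): SSLv3 is exposed to POODLE.
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Weak form (constructed "before"): permits RC4 and 3DES suites.
    # ssl_ciphers RC4:DES-CBC3-SHA:HIGH:!aNULL;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # The site's existing directives (root, location blocks) stay here.
}

# Validate the configuration before reloading, so a typo does not
# take the site down:
#   nginx -t && service nginx reload
```

To confirm that the chain is served completely and only the intended protocol versions are accepted, connect with `openssl s_client -connect example.com:443 -servername example.com` and review the certificate chain and negotiated protocol in the output.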