Click here to view code image
matthew@seymour:~$ cp server.crt /etc/nginx/ssl/
To copy the key to its proper location, use this command:
Click here to view code image
matthew@seymour:~$ cp server.key /etc/nginx/ssl/
Next, you must modify your Nginx configuration to use the server certificate
and key files. This is done in the server module of the config file. Here is the
earlier example, with the additions you need now in bold:
Click here to view code image
server {
listen 80; #sets the HTTP port from which
the website is served
listen 443 ssl; server_name www.yourdomain.com; #names the server using the www
prefixssl_certificate /etc/nginx/ssl/server.crt
ssl_certificate /etc/nginx/ssl/server.key #if a server request is made without www, this next line will
rewrite it
rewrite ^/(.*) http://yourdomain.com/$1 permanent;
}You can now access web pages on your server by using https://. This is
adequate for testing and internal use but not for anything else.
The best thing to do if you are going to host a professional site is to use a CA.
Every CA has a preferred method, and you should read a CA’s requirements
before you use that CA. The basic process is usually like this:
- Create a private and public encryption key pair.
- Create a certificate based on the public key.
- Create a certificate request with information about your server and the
company hosting it. - Send your certificate request and public key along with proof of your
company’s identity and payment to the CA. - Wait for the CA to verify the request and your identity and send back a
certificate like the self-signed one created earlier, but signed by the CA. - Install that certificate on your server and configure Apache2 to use it.