{"id":347,"date":"2016-01-19T15:02:14","date_gmt":"2016-01-19T15:02:14","guid":{"rendered":"http:\/\/www.pkipartner.support\/?page_id=347"},"modified":"2016-03-29T10:00:55","modified_gmt":"2016-03-29T10:00:55","slug":"install-certificate-installation-nginx","status":"publish","type":"page","link":"https:\/\/pkipartner.com\/support\/install-certificate-installation-nginx\/","title":{"rendered":"Install &#8211; NGINX"},"content":{"rendered":"<h1><strong>Certificate Installation: NGINX<\/strong><\/h1>\n<p>Needed for this task:<\/p>\n<ul>\n<li>PEM encoded certificates (Root, Intermediate(s) and Domain\/Device)<\/li>\n<\/ul>\n<p><strong>Combine (Concatenate) multiple certificates into one file<\/strong><br \/>\nCombining the certificates into one file can be accomplished in many ways.<\/p>\n<p>Note: Please be aware that the file names used in this article are for example purposes ONLY!<\/p>\n<p>Please modify accordingly to suit your needs based on the type of certificate you have.<\/p>\n<p>If you&#8217;re unsure what file names you should be using, then please consult our article: \u00a0<a href=\"http:\/\/www.pkipartner.com\/support\/faq-which-is-root-which-it-intermediate\/\">Which is Root? Which is Intermediate?<\/a><\/p>\n<ol>\n<ul>\n<li>Using the &#8216;cat&#8217; command (found on Unix and Unix-like Operating Systems):\n<ul>\n<li>Syntax: cat Device\/Entity Cert Intermediates (reverse order) Root &gt;&gt; ssl-bundle.crt<\/li>\n<li>Example Syntax: cat www_yourdomain_com.crt ComodoHigh-AssuranceSecureServerCA.crt AddTrustExternalCARoot.crt &gt;&gt; ssl-bundle.crt<\/li>\n<li><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<li>If you have the individual certificate files (eg. AddTrustExternalCARoot.crt):\n<ul>\n<li>Using a GUI based text editor.\n<ul>\n<li>Copy contents of the files into ONE file in ascending order (opposite order of what is shown) as per our article: \u00a0<a href=\"http:\/\/www.pkipartner.com\/support\/faq-which-is-root-which-it-intermediate\/\">Which is Root? Which is Intermediate? <\/a><\/li>\n<li>Save file as ssl-bundle.crt.<\/li>\n<li><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>If you have a .crt and .ca-bundle:<\/li>\n<\/ol>\n<ol>\n<ul>\n<li>Using the cat command (found on Unix and Unix-like Operating Systems):\n<ul>\n<li>Syntax: cat Device\/Entity Cert Bundle<\/li>\n<li>Example Syntax: cat www_yourdomain_com.crt www_yourdomain_com.ca-bundle &gt;&gt; ssl-bundle.crt<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/ol>\n<ol>\n<ul>\n<li>Using a GUI based text editor.\n<ul>\n<li>Copy contents of: &#8216;www_yourdomain_com.crt&#8217; into &#8216;www_yourdomain_com.ca-bundle&#8217; on top of the existing text.<\/li>\n<li>Save new file as ssl-bundle.crt.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/ol>\n<p><strong>Configure your NGINX Virtual Host<\/strong><\/p>\n<p>* Move newly created ssl-bundle.crt to where you&#8217;re saving cert files. e.g. \/etc\/ssl\/certs\/<br \/>\n* create\/modify your website site&#8217;s configuration file, which may be located in the following:<br \/>\n* \/etc\/nginx\/sites-available\/<br \/>\n* \/usr\/local\/nginx\/sites-available\/<\/p>\n<p>* Ensure it has the following:<br \/>\n&#8212; Set &#8216;ssl&#8217; to on.<br \/>\n&#8212; Set &#8216;listen&#8217; to your SSL port; typically 443.<br \/>\n&#8212; Set &#8216;ssl_certificate&#8217; to the location of your newly created ssl-bundle.crt file.<br \/>\n&#8212; Set &#8216;ssl_certificate_key&#8217; to the location of your private key.<\/p>\n<p>* Optionally you can set the following:<br \/>\n&#8212; ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM; #Disables all weak ciphers<br \/>\n&#8212; ssl_protocols SSLv3 TLSv1; #enables SSLv3\/TLSv1, but not SSLv2 which is weak and should no longer be used.<\/p>\n<p><strong>Example of an SSL configured Virtual Host for nginx<\/strong><\/p>\n<p style=\"padding-left: 60px;\">server {<br \/>\nlisten 443;<br \/>\nssl on;<br \/>\nssl_certificate \/etc\/ssl\/certs\/ssl-bundle.crt;<br \/>\nssl_certificate_key \/etc\/ssl\/private\/mysite.key;<br \/>\n#enables SSLv3\/TLSv1, but not SSLv2 which is weak and should no longer be used.<br \/>\nssl_protocols SSLv3 TLSv1;<br \/>\n#Disables all weak ciphers<br \/>\nssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;<\/p>\n<p>server_name mysite.com;<br \/>\n}<\/p>\n<p><strong>Related Articles<\/strong><\/p>\n<p>* <a href=\"http:\/\/www.pkipartner.com\/support\/csr-generating-a-certificate-signing-request-csr-using-openssl-apache-mod_ssl-nginx\/\">CSR Generation: Apache (using OpenSSL)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Certificate Installation: NGINX Needed for this task: PEM encoded certificates (Root, Intermediate(s) and Domain\/Device) Combine (Concatenate) multiple certificates into one file Combining the certificates into one file can be accomplished in many ways. Note: Please be aware that the file names used in this article are for example purposes ONLY!\u2026<\/p>\n<p> <a class=\"continue-reading-link\" href=\"https:\/\/pkipartner.com\/support\/install-certificate-installation-nginx\/\"><span>Continue reading<\/span><i class=\"crycon-right-dir\"><\/i><\/a> <\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/347"}],"collection":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/comments?post=347"}],"version-history":[{"count":5,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/347\/revisions"}],"predecessor-version":[{"id":772,"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/pages\/347\/revisions\/772"}],"wp:attachment":[{"href":"https:\/\/pkipartner.com\/support\/wp-json\/wp\/v2\/media?parent=347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}