How To Install RapidSSL SSL Certificate - Nginx Server

In this article, I will describe how to use the SSL certificate provided by RapidSSL with Nginx server.

openssl is a command line tool to use various cryptography functions.

The req command of openssl provides PKCS#10 X.509 Certificate Signing Request (CSR) management facilities.

We will generate a new certificate request for the domain .

openssl req -new -nodes -keyout www.example.com.key -out www.example.com.csr

The -nodes argument instructs openssl to not encrypt the private key.

The -keyout argument instructs openssl to write the newly created private key to the specified file name.

By default, openssl writes to standard output. We specify the argument -out to write the output to the given file name rather than standard output.

If you do not wan the hassles of using the challenge password, simply hit enter when prompted. You don't have to enter the email address and optional company name.

Here's a sample execution of the command:

[sudheer@lab ~]$ openssl req -new -nodes -keyout www.example.com.key -out www.example.com.csr
Generating a 2048 bit RSA private key
........................................+++
...............................................................................................................................................+++
writing new private key to 'www.example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Karnataka
Locality Name (eg, city) [Default City]:Bangalore
Organization Name (eg, company) [Default Company Ltd]:Example Ltd.
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[sudheer@lab ~]$ 

Generate a RSA private key using the triple DES ciphers.

openssl genrsa -des3 -out www.example.com.key 2048

2048 is the size of the private key in bits.

Generate the CRS using the key:

openssl req -new -key www.example.com.key -out www.example.com.csr

Remove Passphrase from key

cp www.example.com.key www.example.com.key.org
openssl rsa -in www.example.com.key.org -out www.example.com.key

Save the certs from email to server.

vim www.example.com.crt
vim www.rapidssl_intermediate.crt

Combine your key and the intermediate key.

cat www.example.com.crt www.rapidssl_intermediate.crt > www.example.com.pem

Upload the .pem and .key files to /etc/ssl/certs/ directory on your server.

Add the SSL configuration in Nginx.

server {
  listen  80;
  listen 443 default_server ssl;
  ssl_certificate      /etc/ssl/certs/www.example.com.pem;
  ssl_certificate_key  /etc/ssl/certs/www.example.com.key;  
  # DO NOT USE ssl on; 
  ...
}
Taxonomy upgrade extras: 

Add new comment

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.