Support Desk

Download and unzip your certificate files

Download and unzip your certificate files in NGINX format by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. You will find one .crt file that contains your domain SSL server certificate stacked on top of the required CA intermediate chain pre-bundled for you.

  • your_domain_com.crt

Copy these files, along with the private key file you created when generating the CSR, to the NGINX /etc/ssl directory.

Update your NGINX Configuration File

Locate your NGINX configuration file and enter the full path to your your_domain_com.crt SSL server certificate and private key files.

worker_processes 1;
http {
  server {
    listen               443;
    ssl                  on;
    ssl_certificate      /usr/local/nginx/conf/your_domain_com.crt;
    ssl_certificate_key  /usr/local/nginx/conf/private.key;
    keepalive_timeout    70;
  }
}

Since NGINX version 0.7.14 the preferred way of enabling SSL is by using the ssl parameter of the listen directive:

server {
  listen 443 default ssl;
  ssl_certificate      /usr/local/nginx/conf/your_domain_com.crt;
  ssl_certificate_key  /usr/local/nginx/conf/private.key;  
  ...
}

Test your NGINX configuration

After making changes to your config file it is good practice to check the file for syntax errors before restarting NGNIX. The following command will determine if there are errors.

~$ sudo nginx -t -c /etc/nginx/nginx.conf 

Restart NGINX web server

The new configuration changes require server restart. Use the following command to restart your NGINX server.

~$ sudo /etc/init.d/nginx restart

Verify Installation

  • To verify if your certificate is installed correctly, use our Certificate Installation Checker.
  • Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.
  • Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Additional Resources

Please contact our support team if you have any additional problems or questions.

Mar 20, 2018