How to Generate CSR and Install SSL on NGINX Server

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.00 out of 5)

Quick Tips to Generate CSR and SSL Certificate Installation Process for NGINX Server

This article is all about the simplified procedure of generating the CSR (Certificate Signing Request) and installing the SSL on Nginx Server without causing any error or mistake. Before we start with both the processes, please be sure to buy or renew an SSL Certificate from a trusted certificate authority (CA).

nginx ssl certificate

Before we go further, make sure to save all the SSL Certificate files provided by the Certificate Authority to a specific location.

Step1: NGINX CSR Generation with OpenSSL command

To generate CSR and Private key on your NGINX server, please perform the following steps.

  • Use Secure Shell or SSH Terminal to login into your server
  • Now execute the following OpenSSL command
openssl req –new –newkey rsa:2048 –nodes –keyout domain-name.key –out domain-name.csr
  • Here you need to add the below-requested information turn by turn.
  1. Common Name: The name of your base domain
  2. Organization: The name of your Business/Organization
  3. Organization Unit: The Unit name of your business
  4. City or Locality: The name of your City
  5. State: The name of your state
  6. Country: Two letter country code
  7. Passphrase: This is an optional request (you only need to add if you wish to secure your CSR with a password).
  • At the end of the above process, you will have the CSR and Private Key on your screen.
  • Now, copy the encrypted data of the CSR —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– and paste into a new Text file, and give a name as domain-name.csr.
  • Following the same way, save the Private Key by giving a file name as domain-name.key.
  • Now move to the next step to install the SSL Certificate.


Step2: NGINX SSL Certificate Installation

Perform following steps for the successful SSL Certificate and Intermediate Certificate installation on NGINX Server.

  • As per the above explanation, we have requested to save all the SSL files provided by the CA into a specific location.
  • Now run following command to concatenate both files into a single .pem file or a bundle.crt file (NGINX will accept both the file formats).


cat domain-name.crt certificate-authority.crt >> bundle.crt
  • Here, domain-name.crt is your Server Certificate, and certificate-authority.crt is the Intermediate Certificate.
  • Edit the Virtual Host File
    • Open the Nginx virtual host file
    • At the end of the file add the following command


server {
listen   443;
ssl    on;
ssl_certificate    /etc/ssl/domain-name.pem; (or bundle.crt)
ssl_certificate_key    /etc/ssl/domain-name.key;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root   /home/www/public_html/;
index  index.html;

Note: Here, ssl_certificate    /etc/ssl/domain-name.pem; (or bundle.crt) is the location of .prm or .crt file concatenated through the previous step, and ssl_certificate_key    /etc/ssl/domain-name.key is the location of your private key.

  • Save the Virtual Host File and restart the NGINX server using the following
sudo /etc/init.d/nginx restart

Once you complete the SSL installation process, you can verify the installation using our free SSL Checker Tool.

Conclusion: Finally, the installation of the generated CSR with the private key and the SSL Certificate along with the Intermediate Certificate is carried out in your NGINX Server. Your website is now secured and ready to run with the HTTPS protocol. Don’t forget to redirect the HTTP traffic to HTTPS.