How to create SSL Certificate on Nginx for CentOS

How to create SSL Certificate on Nginx for CentOS 6

SSL (Secure Sockets Layer) is a method of encrypting a site's traffic over the HTTPS protocol. The certificate can also show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the server's details. This tutorial explains how to install an SSL certificate on Nginx on CentOS 6.

 

Installation procedure

To start the installation procedure, install the EPEL repository by executing the following command. The -y option answers yes to the confirmation prompt so that the installation continues.

[root@node2 ~]# yum install epel-release -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Base
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-8 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
.
.
.
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : epel-release-6-8.noarch                                                                                                                                                                          1/1
  Verifying  : epel-release-6-8.noarch                                                                                                                                                                          1/1
Installed:
  epel-release.noarch 0:6-8                                                                                                                                                                                        
Complete!

The repositories are installed in the target system. Now install the Nginx package in the target system by running the following command. 

[root@node2 ~]# yum install nginx -y
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * epel: epel.mirror.angkasa.id
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.10.2-1.el6 will be installed
--> Processing Dependency: nginx-filesystem = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-all-modules = 1.10.2-1.el6 for package: nginx-1.10.2-1.el6.x86_64
--> Processing Dependency: nginx-filesystem for package: nginx-1.10.2-1.el6.x86_64
--> Running transaction check
---> Package nginx-all-modules.noarch 0:1.10.2-1.el6 will be installed
.
.
.
nginx-mod-http-image-filter.x86_64 0:1.10.2-1.el6      nginx-mod-http-perl.x86_64 0:1.10.2-1.el6            nginx-mod-http-xslt-filter.x86_64 0:1.10.2-1.el6    
  nginx-mod-mail.x86_64 0:1.10.2-1.el6            nginx-mod-stream.x86_64 0:1.10.2-1.el6               
Complete!

Now start and enable Nginx service by executing the following commands. 

[root@node2 ~]# service nginx start
Starting nginx:                                            [  OK  ]
[root@node2 ~]# chkconfig nginx on

To create a separate directory for SSL certificate, execute the mkdir command. 

[root@node2 ~]# mkdir /etc/nginx/ssl

Next, move to that SSL directory with the cd command to perform the further steps.

[root@node2 ~]#  cd /etc/nginx/ssl

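Create the server key file by executing the following command in the terminal. Note that the 1024-bit RSA key generated here is below the 2048-bit minimum that Certificate Authorities and current browsers accept.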

[root@node2 ssl]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...++++++
...........................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

Create the certificate signing request (CSR) by running the following command and fill in the information requested for the certificate.

[root@node2 ssl]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
.
.
.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1234
An optional company name []:1234

To create a backup of the server key file (server.key), run the following command.

[root@node2 ssl]# cp server.key server.key.org

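Use the openssl rsa command to remove the passphrase from the server key, so that Nginx can load it at startup without prompting. The resulting server.key is stored unencrypted, so keep it and the server.key.org backup readable by root only.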

[root@node2 ssl]# openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org:
writing RSA key

The key and the certificate request are now ready. Sign the certificate with the server's own key, which produces a self-signed certificate valid for 365 days.

[root@node2 ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=IN/ST=tamilnadu/L=chennai/O=linuxhelp/OU=linux/CN=linuxhelp/emailAddress=linuxhelpserver@gmail.com
Getting Private key
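
The key, CSR and signing steps above, scripted without prompts and followed by checks worth running before Nginx is pointed at the files. This is an added example, not part of the original tutorial: the function names make_selfsigned, key_bits and audit_pair and the temporary demo directory are assumptions, it generates a 2048-bit key rather than the tutorial's 1024 bits, and stat -c is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: function names and the temporary demo directory are constructed.
set -eu

# make_selfsigned DIR CN [DAYS]: key -> CSR -> self-signed certificate, the
# tutorial's three steps run unattended with RSA-2048 and SHA-256.
make_selfsigned() (
    dir=$1; cn=$2; days=${3:-365}
    umask 077   # the key has no passphrase, so only its owner may read it
    mkdir -p "$dir" &&
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" &&
    openssl x509 -req -sha256 -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
)

# key_bits KEY: print the RSA modulus size in bits (empty if unreadable).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# audit_pair KEY CERT [MIN_DAYS]: exit status 0 only if every check passes.
audit_pair() (
    key=$1; crt=$2; min_days=${3:-30}; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }
    [ "$(key_bits "$key")" -ge 2048 ] 2>/dev/null || fail "RSA key under 2048 bits"
    case $(stat -c %a "$key") in
        600|400) ;;
        *) fail "private key is readable by group or others" ;;
    esac
    k=$(openssl rsa  -in "$key" -noout -modulus 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null | openssl sha256)
    [ "$k" = "$c" ] || fail "certificate was not issued for this key"
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        fail "certificate expires within $min_days days"
    exit "$rc"
)

# Demo in a throwaway directory (the tutorial uses /etc/nginx/ssl).
demo=$(mktemp -d)
make_selfsigned "$demo/ssl" node2.example.com
audit_pair "$demo/ssl/server.key" "$demo/ssl/server.crt" && echo "key pair OK"
rm -rf "$demo"
```

Run against the files produced by the tutorial's own commands, audit_pair reports the 1024-bit key and, under root's usual umask, the world-readable key file.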

The SSL certificate is now signed. Next, edit the SSL configuration file using the vim editor.

[root@node2 ssl]# vim /etc/nginx/conf.d/ssl.conf

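server {
    # The "ssl" parameter on listen enables TLS for this socket; it replaces
    # the older "ssl on;" directive, which later Nginx releases deprecate.
    listen       443 ssl;
    server_name node2.example.com;
    # Self-signed certificate and its unencrypted private key created above
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
}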

The changes are made in the configuration file. Restart the Nginx service by executing the following command. 

[root@node2 ssl]# service nginx restart
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]

Open a browser and request the server over HTTPS at https://192.168.5.161; the Nginx page appears. Because the certificate is self-signed, the browser asks you to accept it first.

Wasn't that an easy installation procedure? The SSL certificate will expire after one year.


Author: Nicholas