1. create ssl folder
sudo mkdir /etc/nginx/ssl
2. go to nginx /ssl folder using below command
cd /etc/nginx/ssl
3.
The first file that we need to create is the private key. While creating the key, we will be asked for a passphrase. We must make sure to remember the passphrase since we will not be able to access the certificate without it.
sudo openssl genrsa -des3 -out server.key 1024
4.
Once we have the key created, we will use the key on order to create Certificate Signing Request.
5.We have to run below command to create certification
sudo openssl req -new -key server.key -out server.csr
It will ask your old pass pharse value and Company Name,City like wise Questions.
you may refer screenshot.
6.If we have a passphrase it has to be typed in manually, so if there is not person available to do it, the website will be offline for a long time. That is why we are going to remove the passphrase from the key file, using the following command
# sudo cp server.key server.key.org
# sudo openssl rsa -in server.key.org -out server.key
7.
Now we are ready to create and sign our certificate by below command
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key
8.
It will be valid for 1 year (365 days). That is something that can be
changed if needed. Now we can use the certificate and assign to a
virtual host. We can copy the Nginx sample configuration file in a new
file and use that.
9.most important part to be change are as follows
server {
listen 443;
server_name our-domain.com;
root /var/www;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
}
After making the changes and saving the file, we should copy the virtual host configuration file into /etc/nginx/sites-enabled/
default file.
Before change it ,please take a backup of it.
and then restart Nginx.
# sudo service nginx restart