Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-04-10 14:26:29.0

SSL/TLS Certificate Installation Instructions - NGINX

Article Number: 46522

User-added image
Purpose:
SSL/TLS certificate installation guide
For NGINX
User-added image
Skip to installation

Need Certificate Signing Request (CSR) help? Read our technote here.

Before you begin...

  • Never share private keys files.
  • It is recommended that you backup your NGINX configuration file before making any changes to it. If you are replacing an existing certificate, make sure you back up the old certificate and private key to recover the previous configuration.
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.

Installing your Entrust SSL/TLS Certificate on NGINX

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a a zip file that contains a file named CertificateBundle1.pem. This file includes your concatenated certificate and chain files. Copy this file to your server.

2. You must edit the NGINX virtual host file to point to the new certificate and private key files. Edit the lines below that are in bold to point to:
  • Your ssl_certificate: This should point to the file CertificateBundle1.pem that was downloaded in step 1
  • Your ssl_certificate_key: This is your private key file that was generated previously when you created your CSR. Your private key is cryptographically linked to your certificate, so make sure you are pointing to the correct private key file.

server
{
listen 443;
server_name www.mysite.com;
ssl on;
ssl_certificate /path/to/SSL/CertifcateBundle1.pem;
ssl_certificate_key /path/to/SSL/private.key;
}

3. Restart your NGINX server by running the following command:

     sudo /etc/init.d/nginx restart

User-added imageYour SSL/TLS certificate installation is now complete. 

You can verify the installation of the certificate using the Entrust Datacard SSL/TLS install checker.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088


?

TN8471