Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2016-06-27 15:54:22.0

SSL/TLS Certificate Installation Instructions - NGINX

Article Number: 46522

Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2015-11-25 15:35:03.0

TN 8471 - SSL/TLS Certificate Installation Instructions - NGINX

Before you begin
  • Never share private keys files.
  • It is recommended that you backup your NGINX configuration file before making any changes to it. If you are replacing an existing certificate, make sure you back up the old certificate and private key to recover the previous configuration.
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.


Installing your Entrust SSL/TLS Certificate on NGINX

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a a zip file that contains a file named CertificateBundle1.pem. This file includes your concatenated certificate and chain files. Copy this file to your server.

2. You must edit the NGINX virtual host file to point to the new certificate and private key files. Edit the lines below that are in bold to point to:

  • Your ssl_certificate: This should point to the file CertificateBundle1.pem that was downloaded in step 1
  • Your ssl_certificate_key: This is your private key file that was generated previously when you created your CSR. Your private key is cryptographically linked to your certificate, so make sure you are pointing to the correct private key file.

listen 443;
server_name www.mysite.com;
ssl on;
ssl_certificate /path/to/SSL/CertifcateBundle1.pem;
ssl_certificate_key /path/to/SSL/private.key;

3. Restart your NGINX server by running the following command:

sudo /etc/init.d/nginx restart