Install The Intermediate Certificate And The Ssl Certificate Nginx

Install The Intermediate Certificate And The Ssl Certificate Nginx

How To Install The Intermediate Certificate On Nginx

The process of installing the intermediate certificate on Nginx is relatively straightforward. Firstly, you’ll need to obtain the intermediate certificate from your Certificate Authority (CA). Some will provide the bundle in a .zip file containing multiple files, and others will provide the external bundle by itself. If you have the bundle in a .zip file, extract the files.

Once you have your bundle, you’ll need to locate the NGINX configuration file. This is typically located in the directory /etc/nginx. Now, you’ll need to copy the content of the intermediate certificate into the file that configures SSL certificates. The specific file name can vary, but is typically named something similar to ssl.conf.

Once you have opened the file, add the content of the intermediate certificate between the two lines that look like this: ssl_certificate and ssl_certificate_key. Each of these lines should have a filepath immediately below them, which is the path where your SSL certificate and private key are located.

Finally, you’ll need to save the changes that you’ve made and then restart the Nginx server. Your command will vary depending on the operating system that you’re using. Once you have restarted the server, the intermediate certificate will be installed and ready to use.

How To Install The SSL Certificate On Nginx

The next step in setting up your website over SSL is to install the SSL certificate on Nginx. The first step is to locate the SSL configuration file. This is typically located in the same directory as the Nginx configuration file, and carries a very similar name. In this file, you’ll need to open the certificate and the key files, and copy the content from each into the file.

Your SSL certificate should be listed first, between the ssl_certificate and ssl_certificate_key lines. This is followed by the content of the private key beneath the line that reads “ssl_certificate_key”. Once you have done this, save the file once again and restart the Nginx server.

Once the server has restarted, you should be able to view the secure website by typing in your domain into the address bar with https:// at the beginning. It is important to note that this step will not be taken if you are using a shared hosting environment, as the SSL certificate will usually be managed by your hosting provider rather than you.

Testing The SSL Certificate On Nginx

Once the SSL certificate is installed on Nginx, you’ll need to test it to make sure that everything is working correctly. The best way to do this is to use an online tool such as Qualys SSL Server Test. To run the test, simply type your website address into the Qualys SSL Server Test website, and click “Go”. This will then begin running the test.

In order to pass the test, the SSL certificate must be installed properly and there must be a valid chain of trust between the SSL certificate and the Intermediate Certificate. If any of these requirements are not met, the test will fail and errors will be displayed. In this case, you’ll need to go back and troubleshoot any issues that are present.

You should also test the SSL on a different web browser, as some browsers may use a different chain of trust. This is an important step that should not be skipped, as some browsers may not properly validate your SSL certificate if it is not configured correctly.

Restrict Access To Your Website Over SSL

In some cases, you’ll want to restrict the access to your website over SSL only. For example, if you have a private area that should not be accessed over an unsecured connection, it would be best to restrict access to SSL https:// only. To do this, you’ll need to edit the site’s configuration file and add the following code:

server {
listen 80;
return 301 https://$server_name$request_uri;

After you have added this code, make sure to save the changes and restart the server. After you have done this, your server will now redirect all requests from http:// to https:// (secure website).

Turning On HSTS On Nginx

HSTS, or HTTP Strict Transport Security, is a security policy that forces your server to automatically redirect any requests to an HTTPS connection. This is ideal for ensuring that the connection between your server and the user is always secured, as it will prevent users from manually typing in a non-secure connection.

Adding HSTS is relatively easy to do in Nginx. You’ll need to add the following code to your Nginx configuration file:

add_header Strict-Transport-Security “max-age=31536000; includeSubDomains”;

Again, once you have added this code, make sure to save the changes and restart the server. After restarting, your server should now be configured to always redirect requests to the secure HTTPS connection.

Finalizing The Installation On Nginx

Once you have completed the installation process, you should be able to access your website over a secure HTTPS connection. Visiting your domain should display a page with a green icon next to the address, confirming that the secure connection is being made.

You should also check that your website is not being flagged by any search engines that crawl for insecure HTTP connections. Common search engines such as Google have started to flag websites that are not connected securely, so it’s important to make sure that this is not the case.


In conclusion, the process of installing the Intermediate Certificate and the SSL Certificate on Nginx is relatively straightforward. Although the process may seem daunting, following this guide should make the installation process a lot simpler. After the initial setup is complete, you can use tools such as Qualys SSL Server Test to make sure that the certificate is properly installed, and that the connection between the user and the web server is secure.

Thank you for reading this article. Please read other articles in this blog for more information regarding setting up your website over SSL.

Leave a Reply

Your email address will not be published. Required fields are marked *