How to install an SSL certificate on CentOS and Fedora on Nginx

Magnify your website security

Did you install an SSL certificate on your CentOS or Fedora hosted server using Nginx as the Web server? If not, you may want to consider it. With hackers targeting businesses large and small, even Google is nudging site owners to heighten website security. The search engine grants a higher Google PageRank to those whose sites encrypt the transmissions with the https:// prefix. Now, that type of security requires an X.509 Digital Certificate, commonly referred to as an SSL (Secure Sockets Layer) certificate.

To get started, you’ll first need to acquire a digital certificate, then install it on a CentOS or Fedora hosted server using Nginx as the Web server. Read on for a bit of background on the certificates and exact steps for installing.

Available SSL certificates for CentOS and Fedora

A trusted third party called a Certificate Authority (CA) issues the three types of digital certificates: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). The CA guarantees the digital certificate’s authenticity with a digital signature so that end users (or their software) can trust that the server is really the site it purports to be. Not sure which digital certificate is your best bet? I’ve detailed each below, listing them from least to most secure.

Domain Validation (DV)

A Domain Validation certificate states that the domain is registered by someone with admin rights to the website. If the certificate is valid and signed by a trusted CA, a browser connecting to the site will inform you that it has successfully secured an HTTPS connection. A DV is a good bet to secure a blog or simple website.

Organization Validation (OV)

An Organization Validation certificate validates the domain ownership and includes ownership information such as the site owner’s name, city, state, and country.

Extended Validation (EV)

An Extended Validation certificate authenticates the domain ownership and organization information, as well as your organization’s legal existence. This is the go-to certificate for those engaging in e-commerce. In many browsers, you can easily identify websites with an EV SSL certificate by their green address bars.

How to secure the service with an SSL certificate

To get started, you’ll first need to purchase or acquire the SSL certificate. If needed, here are additional details on how to request an SSL certificate and verify it.

If you have purchased a CA-approved SSL certificate, delivery might take from hours for a DV to weeks for an EV. The CA will inform you when the certificate is ready for download.

Here’s how to download the SSL certificate in seven steps:

  1. Log into Account Manager.
  2. Click SSL Certificates.
  3. Pick the certificate you want to use and click Manage.
  4. Next to the certificate you want to use, in the Actions column, click View Status.
  5. Click Download.
  6. Select the server type, and then click Download Zip File.
  7. Safely store the downloaded file for the future.

How to install an SSL certificate for the Nginx server on CentOS and Fedora

Installing an SSL digital certificate for Nginx won’t bust the brain.

Step 1: Log into the server as root using SSH.

Step 2: Check the OpenSSL client software.

Make sure the OpenSSL client software needed for a secure website is in place with:

# yum install openssl

This will either install OpenSSL or inform you that it’s already present.

Step 3: Make a directory to store the server key and certificate.

# mkdir /etc/nginx/ssl

Step 4: Copy your SSL certificate file and server key to the new directory.

Step 5: Edit the SSL configuration file. Below is an example using the vi text editor.

# vi /etc/nginx/sites-available/default/your_very_own_domain.com

Once open, edit the file so that it points to the correct files in your web server. It will look something like this:

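server {
    # Port 80 stays plain HTTP; the "ssl" flag enables TLS on port 443 only.
    # (A server-wide "ssl on;" would also force TLS on port 80 and break it.)
    listen 80;
    listen 443 ssl;

    # Certificate and private key copied to /etc/nginx/ssl in Step 4
    ssl_certificate /etc/nginx/ssl/your_domain_name.pem;
    ssl_certificate_key /etc/nginx/ssl/your_domain_name.key;

    server_name your_very_own_domain.com www.your_very_own_domain.com;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;

    location / {
        root /home/www/public_html/your_very_own_domain.com/public/;
        index index.html;
    }
}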

Step 6: Restart the Web server.

# /etc/init.d/nginx restart

The secured site should be available at https://www.your_very_own_domain.com.
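A mismatched certificate and key, an expired certificate, or a world-readable private key are the usual reasons the restart in Step 6 fails or leaves the key exposed. The following is an added example, not part of the original article: check_tls_files is a hypothetical helper name, and the file paths in the usage comment follow the article's placeholders.

```shell
#!/bin/sh
# Added example: pre-restart checks on the files copied in Step 4.
# check_tls_files is a hypothetical helper, not an nginx or OpenSSL command.
# Return codes: 0 ok, 2 unreadable file, 3 cert/key mismatch,
#               4 certificate expired, 5 key readable by group/others.
check_tls_files() {
    cert=$1
    key=$2

    # Extract the public key from each file in the same PEM encoding.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null |
               openssl pkey -pubin -pubout 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=

    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "cannot parse certificate or key" >&2
        return 2
    fi
    # nginx refuses to start when the key does not belong to the certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 3
    fi
    # -checkend 0 exits non-zero if the certificate is already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 4
    fi
    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "private key is accessible to group/others; run chmod 600" >&2
        return 5
    fi
    return 0
}

# Usage (paths are the article's placeholders):
#   check_tls_files /etc/nginx/ssl/your_domain_name.pem \
#                   /etc/nginx/ssl/your_domain_name.key \
#     && nginx -t && /etc/init.d/nginx restart
```

nginx -t parses the configuration without touching the running server, so a typo in the edited file is caught before the restart.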


Steven Vaughan-Nichols
Steven J. Vaughan-Nichols (aka sjvn) has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast Internet connection, WordStar was the state-of-the-art word processor, and we liked it. His work has been published in everything from highly technical publications (IEEE Computer, ACM NetWorker, Byte) to business publications (eWEEK, InformationWeek, ZDNet) to popular technology (Computer Shopper, PC Magazine, PC World) to the mainstream press (Washington Post, San Francisco Chronicle, BusinessWeek).