Steps to generate a Certificate Signing Request (CSR) for an SSL certificate in NGINX
Create an OpenSSL configuration file:
openssl genrsa -out server.key 2048
This will generate a 2048 bit RSA private key called server.key.
Now create the CSR:
openssl req -new -key server.key -out server.csr
You'll be prompted for information like:
- Common Name (domain name)
- Organization Name
- Locality/City
- State/Province
- Country code
This creates the CSR file server.csr.
You can now submit this server.csr file to a CA like DigiCert, LetsEncrypt, etc. to obtain an SSL certificate.
Once you receive the certificate file (typically named server.crt) and any intermediate CA certificates, you can configure NGINX to use them:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/server.crt;
ssl_certificate_key /path/to/server.key;
ssl_trusted_certificate /path/to/intermediate.crt;
}
Restart NGINX to apply the changes:
systemctl restart nginx
This configures NGINX to use your SSL certificate (server.crt), private key (server.key), and any intermediate CA certificate files.
Top comments (0)