Install Certificate - Nginx

Mar 11, 2024

Install Certificate - Nginx


This article will walk you through installing a Certificate in Nginx. If this is not the solution you are looking for, please search for your solution in the search bar above.


You can watch the video below for a tutotial.




Or, you can check the step by step guidelines below.

To install a certificate in Nginx, a `Certificate Bundle` must be created. To accomplish this, each certificate (SSL Cert, Intermediate Cert, and Root Cert) must be in the PEM format.

  1. Open each certificate in a plain text editor.
  2. Create a new document in a plain text editor.
  3. Copy and paste the contents of each certificate into the new file.
    The order should be:
    • Your GlobalSign SSL Certificate
    • GlobalSign Intermediate Certificate
    • GlobalSign Root Certificate
  4. Your completed file should be in this format:
    #Your GlobalSign SSL Certificate#
    -----END CERTIFICATE-----
    #GlobalSign Intermediate Certificate#
    -----END CERTIFICATE-----
    #GlobalSign Root Certificate#
    -----END CERTIFICATE-----
  5. Save this `Certificate Bundle` as a .crt
  6. Upload the Certificate Bundle & private key to a directory on the Nginx server.
  7. Edit the Nginx virtual hosts file.
    Open the Nginx virtual host file for the website you are securing.
    If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection.
    Make a copy of the existing non-secure server module and paste it below the original.
    Add the lines shown below:
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/your_domain.crt;
    ssl_certificate_key /etc/ssl/your_domain.key;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    location / {
    root /home/www/public_html/;
    index index.html;
  8. Very Important – Make sure you adjust the file names to match your certificate files:
    • ssl_certificate should be your primary certificate combined with the root & intermediate certificate bundle that you made in the previous step (e.g. your_domain.crt).
    • ssl_certificate_key should be the key file generated when you created the CSR.
  9. Restart Nginx:
    sudo /etc/init.d/nginx restart

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support