How to Install a Wildcard SSL Certificate on NGINX Server?

1 Star2 Stars3 Stars4 Stars5 Stars (18 votes, average: 4.94 out of 5)
Loading...
How to Install a Wildcard SSL certificate on NGINX

A Wildcard SSL certificate is a subdomain SSL wherein you receive paramount security for your subdomains. It is a single certificate with a Wildcard (*) character. Thus, it safeguards your chief domain and its subdomains against various cybercrimes from time to time. 

Wildcard SSL certificates can offer a variety of benefits to its users. Providing specific security saves not only ample time but also energy. You also need not invest extra money on diverse chief domains as they cover all subdomains under a single roof. 

In this article, we will learn how to install Wildcard SSL certificates on the Nginx server. We will also cover some prerequisites you must follow while implementing the wildcard certificate.

Steps To Generate a CSR and Private Key on Nginx Server 

To obtain the Wildcard SSL certificate, it becomes prudent to obtain a Certificate Signing Request (CSR). This is one of the primary steps to acquiring a certificate. So, if you are installing an SSL certificate on your Nginx server, make sure you generate the CSR on the Nginx server. If you have not generated a CSR yet, follow the steps.

The CSR generally contains essential confidential information ranging from location to organization to country. The CA generates your certificate using these significant confidential details so that the Nginx Wildcard certificate is specifically curated for your leverage and domain safety. 

Similarly, a Private key helps make the encryption and decryption of data possible between two adjacent parties. It is a solitary file that the server creates when it generates a CSR. 

To Generate the CSR with Nginx using OpenSSL

Step 1: Login to the Server using SSH client (Putty).

Step 2: Run below openSSL command.

openssl req –new –newkey rsa:2048 –nodes –keyout (server).key –out (server).csr

Note: Modify the “server” text in the above command line using your own server name.

Step 3: Next, you will have to submit a Common name. For this purpose, type the name of qualified domain that you are hoping to secure. 

Step 4: Now, provide your organizational details

Step 6: At this point, tap into your SSL/TLS certificate and receive your files (Here, you will receive both CSR and Private-key files).

Step 7: Save the Private key on the same server where you want to install the SSL certificate. 

Step 8: Use the Certificate Signing Request (CSR) file and generate the certificate by submitting it to the CA via the SSL vendor or directly to the Certificate Authority.

Also Read: How to Enable HTTP/2 Support in Nginx Configuration?

Installing a Wildcard SSL Certificate on Nginx Server

Step 1: Purchase your Wildcard SSL certificate 

At this point, to go forward with installing the Wildcard SSL certificate on Nginx, it becomes essential for you to Purchase Wildcard SSL from the best SSL providers at the most nominal prices.

  • Remember to ensure that the certificate you purchase fits your criteria properly. Evaluate the features and benefits it has to offer.
  • Also, do not forget to consider the encryption strength and CSR key signature it can offer to your subdomains. 

Step 2: Download the Certificate Files To Your Server

  • You must have received your CA bundle files by now. Check your email for the CA bundle file, where your certificates will be provided.
  • You will receive intermediate and primary certificates in this CA bundle zip file.

Step 3: Configure the Nginx server with the New Certificate

  • In the second step, we have helped you understand how to properly receive your primary and intermediary certificates.
  • Now, using smart software like FTP or SSH, log in to your server and install both certificates in the path “/etc/ssl” on the Nginx server.
  • You must also copy the private key generated during the procurement of the CSR.
  • After this, you need to concatenate both certificates. So, you need to run the command accordingly. 

Step 4: Merge both the Intermediate and Primary Certificates

To complete the merge process, you need to run the openSSL command.

cat your_domain_name.crt intermediate.crt >> bundle.crt

Step 5: Modify your Nginx Virtual Hosts file

  • Now, edit the virtual host files of the Nginx server.
  • So, open the host file and paste the code in the original one.
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key /etc/ssl/your_domain_name.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}

Note: Make sure you adjust the file names so they can match the certificate files.

Step 6: Test The Installation For Success 

Restarting Nginx and checking if the certificate was installed properly is important.

Tips To Consider 

Use Nginx Latest Version 

You must use the most recent version when installing Wildcard SSL certificate Nginx. It is important not to miss out on any updates that help enhance the browser’s compatibility. As such, your certificate is likely to work better and help protect your subdomains more effectively. 

Update Your SSL Certificates 

It is essential to update your SSL certificate to ensure you stay updated with HTTPS encryption without any compromise. For this purpose, you need to keep renewing your SSL certificate regularly. 

Consider using a Certificate Management Service

Installation of your certificate is generally a simple process. However, it is best to leverage a Certificate Management service to simplify it further and maintain it without any risk factors involved. So, find out about the most reputable CMS to have a seamless experience. 

Also Read: How to Install SSL Certificate to a WordPress Site Hosted on Nginx Server?

Winding Up

Start by generating a CSR and private key. Then, get your Wildcard SSL certificate and download the files to your server. After this, ensure you configure the Nginx server efficiently with the latest certificates and test the installation for minimal hindrances. And Voila! Your certificate is ready to operate. 

Secure your Site Now

Enable HTTPs on your Website by Purchasing SSL, Generate CSR and Install on your Web Server.

Starts at Just $3.99/Yr
Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast having 7+ years of experience and knowledge about Encryption, Digital Certificates and Online Security, She helps online users to stay safe and protect their online presence. Explore SSL Errors, Installation Guide and Security Tutorials for Safe Browsing and Web Security Experience.