NGINX

This document describes how to install a certificate on a NGINX server.

Prerequisites

1. The certificate is in the Issued state.
2. You have obtained the certificate package.

Obtain the certificate file

Download the certificate package from the KCM console and decompress the package to obtain the .key file and .pem file.

Install the server certificate

1. Copy files server.key and server.pem to the conf folder in the NGINX installation directory.
2. Open the nginx.conf file in the conf folder.
3. Locate the following lines:

# HTTPS server 
# 
#server { 
#    listen       443; 
#    server_name  localhost; 
#    ssl                  on; 
#    ssl_certificate      cert.pem; 
#    ssl_certificate_key  cert.key; 
#    ssl_session_timeout  5m; 
#    ssl_protocols  SSLv2 SSLv3 TLSv1; 
#    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#    ssl_prefer_server_ciphers   on; 
#    location / { 
#        root   html; 
#        index  index.html index.htm; 
#    } 
#} 

4. Use the following lines to replace the previously mentioned lines:

    server { 
    listen       443; 
    server_name  localhost; 
    ssl                  on; 
    ssl_certificate      server.pem; 
    ssl_certificate_key  server.key; 
    ssl_session_timeout  5m; 
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
# Using of TLS1.1 and TLS1.2 require OpenSSL1.0.1 or higher. It is recommended that you use the up-to-date OpenSSL version 1.0.1 or 1.0.2.
    ssl_ciphers  HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM; 
    ssl_prefer_server_ciphers   on; 
    location / { 
        root   html; 
        index  index.html index.htm; 
    } 
} 

5. Save and close the file, and then restart NGINX.
6. Use HTTPS to access your website and verify that the certificate has been installed correctly.