How to install SSL certificate from Windows Server to Ubuntu NGINX

Tamer TÜRKSOY
Published in Asis Technologies
Nov 27, 2021

What I want to explain here is how to take an SSL certificate installed on a Windows server and activate it in Nginx on an Ubuntu server. We have a website running in Docker on an Ubuntu Linux server and we want to publish it over SSL. Let’s assume that you previously created the certificate with a request from IIS on a Windows server and completed the setup with the SSL response. This is a more advanced scenario, because if the certificate were installed from scratch, the pem and key files required for Linux would already have been delivered to you.

First of all, let’s export the SSL certificate installed in IIS in pfx format:

Click the Copy to File button on the certificate detail page.

Now let me copy this pfx file to a folder on Ubuntu. You can easily do this with the terminal tools you use to connect over ssh. The folder we copy it to is not the folder where we will actually keep the SSL files; it is a working folder I use only to create the pem and key files from the pfx. Then we will take these files (pem and key) and copy them to the relevant folder.

Run the following commands in the terminal, in the folder where the pfx is located, to create the key and pem files. Note that -nodes writes the private key to disk unencrypted.

  1. Run the following command to export the private key: openssl pkcs12 -in star_domain_com.pfx -nocerts -out star_domain_com.key -nodes
  2. Run the following command to export the certificate: openssl pkcs12 -in star_domain_com.pfx -nokeys -out star_domain_com.pem

With the following lines, I take the pem and key files that I created in my temporary folder and put them in the ssl folder under /etc:

cp -b /home/ubuntu/ssl/star_domain_com.pem /etc/ssl

cp -b /home/ubuntu/ssl/star_domain_com.key /etc/ssl
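
Before pointing Nginx at the copied files, it is worth confirming that the key really belongs to the certificate and that the key file is not readable by other users. The script below is an added example, not part of the original article; the function names are illustrative, and it assumes the certificate you want is the first one in the exported pem.

```sh
#!/bin/sh
# Added example (not from the original article): check a cert/key pair that
# was extracted from a PFX. Function names are illustrative.

# 0 if private key $2 belongs to the first certificate in PEM file $1.
key_matches_cert() {
    # x509 skips the "Bag Attributes" text that pkcs12 writes before the PEM block
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the file has no group/other permission bits (mode 600 or 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 = ok, 1 = key does not match certificate, 2 = key file too permissive.
check_tls_pair() {
    if ! key_matches_cert "$1" "$2"; then
        echo "MISMATCH: $2 is not the private key for $1" >&2
        return 1
    fi
    if ! key_is_private "$2"; then
        echo "PERMISSIONS: $2 is accessible to group/other (chmod 600)" >&2
        return 2
    fi
    echo "OK: key matches certificate and is owner-only"
}

# Stand-alone use:
#   sh check_pair.sh /etc/ssl/star_domain_com.pem /etc/ssl/star_domain_com.key
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
    exit $?
fi
```

After editing the Nginx configuration, `nginx -t` reports a wrong path or an unusable pair before you restart the service.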

Let’s configure Nginx now. For this, we need to go to the folder where nginx.conf is located, with cd /etc/nginx in the Ubuntu terminal. If there is a definition you created earlier for port 80, open it; otherwise create a new conf file and add the following routing and SSL definitions.

Here my app is running on a port published by Docker. Requests that arrive on port 443 from outside are forwarded to that port. For example, let’s say my server’s external IP is 100.100.100.100 and the app is published on port 8080 by Docker. The DNS name I want to forward is subdomain.domain.com.

# Backend: the Docker-published port of the app
upstream subdomain.domain.com {
    server 100.100.100.100:8080;
}

server {
    # "ssl" on the listen directive replaces the deprecated "ssl on;"
    listen 443 ssl;

    ssl_certificate /etc/ssl/star_domain_com.pem;
    ssl_certificate_key /etc/ssl/star_domain_com.key;

    server_name subdomain.domain.com;
    client_max_body_size 2000M;

    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;

    location / {
        # Forward the decrypted requests to the upstream defined above
        proxy_pass http://subdomain.domain.com;
    }
}

After saving this file, we need to restart Nginx. You can restart it with the following command:

sudo systemctl restart nginx

Checking the Nginx status afterwards shows that everything is all right.

I hope this is useful.
