Some info: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
or here: https://support.globalsign.com/customer/portal/topics/538394-nginx/articles
- Create a CSR and a private key (in /etc/nginx/ssl). Take care to do it using sha256 (instead of sha1)
openssl req -out yourdomain.csr -new -newkey rsa:2048 -nodes -sha256 -keyout yourdomain.key
- Submit CSR to Synalabs
- Validate the email sent by the SSL authority (GlobalSign, AlphaSSL...)
- Wait for certificate (CRT)
- Copy the certificate, intermediate certificate and root certificate onto your server (/etc/nginx/ssl)
- Create a bundle of the 3 certificates
cat yourdomain.crt intermediate_domain_ca.crt root_ca.crt > yourdomain.bundle.crt
- Set a strong SSL config following: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
Warning: this is a long operation
cd /etc/nginx/ssl
openssl dhparam -out dhparam.pem 4096
Set the following parameter in the nginx vhost
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
To test SSL: https://sslcheck.globalsign.com/fr/sslcheck and https://www.ssllabs.com/ssltest/index.html
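
Before reloading nginx, the files from the steps above can be checked locally. This is an added example, not part of the original notes: it confirms the CSR is signed with sha256 and that the first certificate in the bundle matches the private key. The function names, the sample subjects and the self-signed stand-in certificates are assumptions made for the demonstration.

```bash
# Added example (not from the original notes). Function names are hypothetical.
# Signature algorithm of a CSR; expect sha256WithRSAEncryption, not sha1.
csr_sig_alg() {
    openssl req -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# SHA-256 of the public key held in a private key, CSR or certificate file.
# For a bundle, openssl x509 reads only the first certificate in the file.
pubkey_digest() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *) return 2 ;;
    esac
    [ -n "$pub" ] || return 1   # unreadable file: fail instead of hashing nothing
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# True when the CSR and the first certificate of the bundle carry the public key
# of the private key; nginx expects the server certificate first in the file.
bundle_matches_key() {  # $1 = key, $2 = csr, $3 = bundle
    k=$(pubkey_digest key "$1") || return 1
    [ "$k" = "$(pubkey_digest csr "$2")" ] && [ "$k" = "$(pubkey_digest crt "$3")" ]
}

# Constructed sample data: throwaway keys and self-signed certificates stand in
# for the CA-issued files; the subjects are made up.
make_samples() {  # $1 = output directory
    ( cd "$1" &&
      openssl req -out yourdomain.csr -new -newkey rsa:2048 -nodes -sha256 \
          -keyout yourdomain.key -subj "/CN=yourdomain.example" &&
      openssl x509 -req -in yourdomain.csr -signkey yourdomain.key -sha256 \
          -days 1 -out yourdomain.crt &&
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
          -keyout ca.key -out intermediate_domain_ca.crt -subj "/CN=Sample CA" &&
      cat yourdomain.crt intermediate_domain_ca.crt > yourdomain.bundle.crt &&
      cat intermediate_domain_ca.crt yourdomain.crt > wrong_order.bundle.crt
    ) >/dev/null 2>&1
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES" && cd "$SAMPLES" || exit 1
echo "CSR signature algorithm: $(csr_sig_alg yourdomain.csr)"
bundle_matches_key yourdomain.key yourdomain.csr yourdomain.bundle.crt && echo "bundle OK"
bundle_matches_key yourdomain.key yourdomain.csr wrong_order.bundle.crt || echo "wrong order detected"
```

On a real server, call the three check functions on the files in /etc/nginx/ssl instead of the generated samples.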