How-to Configure SSL Certificate Chain for Nginx

By | 2013/09/02

nginx is a little different from apache when it comes to ssl certificates. I’ll show you how it works!

1. First, gather the three typical SSL certificate files, and save those as plain text files.

– private key (name this
– intermediate certificate from your SSL cert vendor (name this intermediate.crt)
– signed SSL certificate from your SSL cert vendor (name this

2. Next, create a copy of your .crt as .pem.

(Note, the copy is totally optional, but I like to work from a copy and call it .pem since it is then technically a pem bundle.)

$ cp

3. Next, add in the intermediate cert to your SSL cert as below. (nginx requires the intermediate cert be a part of the signed SSL cert in a bundle.)

$ cat intermediate.crt >> 

4. Finally, in the nginx server config, specify your .pem and .key files where they exist on your server. The Debian defaults are used and shown below:



   ssl on;
   ssl_certificate /etc/ssl/certs/;
   ssl_certificate_key /etc/ssl/private/;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;

   add_header Strict-Transport-Security max-age=31536000;



One thought on “How-to Configure SSL Certificate Chain for Nginx

  1. Bio

    Previously i’ve been using to resolve this problem but rapidssl’s certificate cause problem and the technique does not work.
    Glad i’ve found another solution 🙂 shows me A which is great.

    But another problem appearing on – ROOT 1 missing. How to solve it ??


Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.