There has been a lot of discussion about SSL(HTTPS) since Google announced that they would boost ranking of secure websites. It's not very hard to add the certificate to your own website but there is some important staff to understand before!

SSL Certificates

I guess most of you know what SSL is but, for the people who don't, I'll keep it simple: It's a way to secure the connection between the client browser and the web server. All traffic sent is encrypted so it cannot be intercepted by anyone (well, actually you can, but nobody will understand).

Certificate authority

There are different CA that offer different types of certificates but I won't go into detail now. It's important to understand that a CA is a trusted company who offer certifications to web owners. I explain this because it's possible to generate our own certificate (with openssl for example) and use it in our own websites but unfortunately web browser wouldn't see us as trusted(It may be good for development environments though). The problem's that some viewers may get this nasty warning that I'm sure you have seen before:

Untrusted certificate

So we need to get a certification from a trusted CA if we want to get rid of it. It usually costs some money depending on the key but some websites offer a free version which will do the job perfectly. In my case I went for Startssl. It just took 15 minutes to get the free certificate.

Remember to export the private server key to a file. We will need it later.

Nginx configuration

Once you get the certification you should have two files:

  1. server.key (this will contain the private server key)
  2. server.crt (this is the certificate)

Now copy them to your web server, I usually save them in the nginx folder in /etc/nginx/ssl but feel free to place them wherever you want.

By default web browser use port 443 for HTTPS connections. We have two options, redirect all traffic to the HTTPS sites or have two different server blocks: one for the http(:80) and the other one for the https(443). I'll use the former one.

Redirect all traffic

Remember that it's much better to use a permanent return (301) than a rewrite!! So add the following code to /etc/nginx/sites-enabled/your_site.config

server {  
    listen 80;
    root /var/www/your_site;
    server_name http://your_site.com;
    return 301 https://$server_name$request_uri
}

This will redirect everything to the HTTPS site. Remember that all browsers look for port 443 in secure connections so lets define the server block for that port:

server {  
    listen 443 ssl;
    root /var/www/your_site;
    server_name your_site.com;

    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key; 

    ....

}

That's it! Just restart nginx and you should have a secure website!

sudo service nginx restart  
Chrome certificate information

If you have any problem or suggestion just write a comment below and I'll try to help.