Help & Documentation>SSL Certificates>Certificate Installation>Installation of International Standard Certificates>SSL Certificate Installation and Deployment on Nginx Server (Windows)

SSL Certificate Installation and Deployment on Nginx Server (Windows)

Last updated: 2023-09-28 17:15:09

On this page:

Scenario

This guide illustrates how to install an SSL certificate on a Windows operating system.
Note:
The certificate name cloud.tencent.com is used as an exemplar in this document.
The version of Nginx used as an example in this document is nginx/1.24.0.
The operating system of the current server is Windows Server 2022. Detailed procedures may vary slightly due to differences in operating system versions.
Before installing the SSL certificate, please ensure that the default HTTPS port 443 is enabled on your server to prevent any issues with enabling HTTPS after the certificate is installed.

Instructions

Certificate Installation

1. Please navigate to the SSL Certificate Service Console, select the certificate you wish to install, and click Download.
2. In the "Certificate Download" window that appears, select Nginx as the server type, click Download and decompress the cloud.tencent.com certificate file package to a local directory. After decompression, you can obtain the relevant type of certificate files, which includes the cloud.tencent.com_nginx folder:
Folder Name: cloud.tencent.com_nginx
Folder content:
cloud.tencent.com_bundle.crt: Certificate file
cloud.tencent.com_bundle.pem: Certificate file (this file can be ignored)
cloud.tencent.com.key: Private key file
cloud.tencent.com.csr: CSR file
Note:
The CSR file, either uploaded by you or generated online by the system during the certificate application, is provided to the CA. This file can be disregarded during installation.
3. Copy the obtained certificate file cloud.tencent.com_bundle.crt and the private key file cloud.tencent.com.key from the local directory to the server's C:\nginx\ directory (this can be any directory that does not contain Chinese characters or spaces, please operate according to the actual situation).
4. Edit the conf\nginx.conf file located in the same directory as nginx.exe. The modifications are as follows:
server {
     # The default port for SSL access is 443.
     listen 443 ssl; 
     #Please enter the domain name to which the certificate is bound.
     server_name cloud.tencent.com; 
     #Please enter the absolute path of the certificate file. This path is for reference only, please operate according to the actual directory.
     ssl_certificate C:\\nginx\\certificates\\cloud.tencent.com_bundle.crt; 
     #Please enter the absolute path of the private key file. This path is for reference only, please operate according to the actual directory.
     ssl_certificate_key C:\\nginx\\certificates\\cloud.tencent.com.key; 
     ssl_session_timeout 5m;
     # Please configure according to the following protocol
     ssl_protocols TLSv1.2 TLSv1.3; 
     #Please follow the suite configuration below to set up the cipher suite, adhering to the OpenSSL standard.
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; 
     ssl_prefer_server_ciphers on;
     location / {
         # Website home path. This path is for reference only, please operate according to the actual directory.
         root C:\\html; 
         index  index.html index.htm;
     }
 }
5. Execute the following command to verify the configuration file issues.
.\nginx.exe -t
If issues exist, please reconfigure or modify according to the provided suggestions.
If it does not exist, please proceed to Step 6.
6.
Initiate
Nginx by executing the following command.
start .\nginx.exe
7. Upon successful startup, you can access the server via https://cloud.tencent.com.
If the security lock icon is displayed in the browser, the certificate has been installed successfully.



In case of a website access exception, troubleshoot the issue by referring to the following FAQs:
Unable to access the website via HTTPS
After deploying the SSL certificate, the browser indicates "Website connection is not secure"
Is your site indicating an insecure connection?
What should I do if I am prompted that HTTPS is not secure after reapplying for deployment upon expiration of the SSL certificate?
After deploying the SSL certificate on the server, a 404 error occurs when accessing resources
Note:
If anything goes wrong during this process, please contact us.

中国站 - English