Digital security, ssl certificate

How to install SSL certificate for ERPNext site on nginx

An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser or end users.

Website owners need to add SSL certificates to their websites to secure online transactions and keep users information private and secure. SSL keeps internet connections secure and prevents Man-in-the-middle from reading or modifying information transferred between two systems.

Here we will install ssl certificate on nginx web site on Linux Ubuntu.

Go to the server that installed nginx and use OpenSSL to run below command to generating an RSA private key

user@nginx:~$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
Generating a RSA private key
...........................................................................................................................................................+++++
...........+++++
writing new private key to 'example.com'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KZ
State or Province Name (full name) [Some-State]:Aqmola
Locality Name (eg, city) []:Astana
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your company
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

We will get 2 files: example.com.key and example.com.csr

example.com.key is our private key, and we need move it to /etc/nginx/conf.d/ssl/ in order to install ssl certificate later on.

We use example.com.csr to generate ssl certificate from the certificate provider.

Go to the certificate provider and it will ask us to provide the csr in order to create ssl certificate.

As soon as we add csr file to generate ssl certificate we will get PEM Chain, PEM, DER or PKCS-7 format certificate files, and it depends on your ssl provider. here we use PEM Chain file on our nginx server.

Upload pem-chain file into nginx server and put on /etc/nginx/conf.d/ssl/

Then run below command to install ssl certificate on our ERPNext site:

user@nginx:~/frappe-bench$ bench set-ssl-certificate example.com /etc/nginx/conf.d/ssl/example.com.pem-chain
nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
user@nginx:~/frappe-bench$ bench set-ssl-key example.com /etc/nginx/conf.d/ssl/example.com.key
//example.com.key is the one we have generated at first step.
nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
user@nginx:~/frappe-bench$ bench setup nginx
nginx.conf already exists and this will overwrite it. Do you want to continue? [y/N]: y
user@nginx:~/frappe-bench$ sudo service nginx reload