WordPress-Nginx + Thawte SSL Setup

After exploring different WordPress-Nginx configurations, let's move on to securing your WordPress site with SSL.

The steps in this article are similar for all kinds of WordPress-Nginx configurations.

Step 1: Create CSR – Certificate Signing Request on Nginx Server

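Create a directory to store keys and certificates for the example.com domain. You can use any directory; the following example uses these conventions. Whichever directory you choose, make sure nginx does not serve it as static content and that the private key is readable only by root.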

mkdir /var/www/example.com/cert/
cd /var/www/example.com/cert/

Next, create a 2048-bit private key:

openssl genrsa -out example.com.key 2048

Finally, create a CSR (certificate signing request):

openssl req -new -key example.com.key -out example.com.csr -sha256

This command will prompt you for some details. For the Common Name (eg, YOUR name) []: field, use example.com (or *.example.com if you are setting up a wildcard SSL certificate).

Note: www.example.com and example.com are not the same. Use exactly the domain your website is using.

Step 2: Get an SSL Certificate from Thawte

  1. Buy an SSL certificate from Thawte.com or dh.rtcamp.com. dh.rtcamp.com is our portal, where we sell Thawte certificates at 67% discounts.
  2. Paste the CSR, i.e. the content of example.com.csr, into the Thawte or dh.rtcamp.com web interface. You will need to provide some more details; try to match them to the details in Step 1.
  3. Depending on the type of certificate, it may take some time for Thawte to approve your certificate.
  4. Once the certificate is approved, you will get a link via email from Thawte. Follow the link to download the certificate from the Thawte website.
  5. On the Thawte user portal, go to the “View Certificate Information” section, which looks like the screenshot below.
  6. You need to download the certificate in X.509 format and also “Additional Certificates” >> “Apache Bundle”.

Screenshot: Thawte SSL certificate installation

Step 3: Fix Intermediate Certificate Chain

From the Thawte portal you will have downloaded two files: -_example_com_ee.crt and -_example_com_apache.crt.

One is your certificate and the other is the bundle, i.e. the intermediate certificates. Nginx doesn’t have a separate directive for the path to a certificate bundle/chain file, so we need to append the bundle to the SSL certificate file itself, in such a way that the site's SSL certificate remains on top.

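You can do this by running the following command. The ./ prefix is needed because the file names begin with a dash, which cat would otherwise read as an option:

cat ./-_example_com_ee.crt ./-_example_com_apache.crt > example.com.crt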

Move this example.com.crt file to the /var/www/example.com/cert/ directory on the nginx server.
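As an added example (not part of the original article), the shell functions below build the same combined file but force a line break between the two downloads and then check the result; a plain cat of a file that lacks a final newline leaves the END and BEGIN markers on one line, which OpenSSL rejects with a PEM "bad end line" error. The function names join_pem, pem_count and key_matches_cert are made up for this example, and key_matches_cert assumes the openssl command-line tool and the RSA key from Step 1.

```shell
#!/bin/sh
# Added example: safer version of the Step 3 concatenation plus two checks.
# Function names are hypothetical; file names follow the article.

# join_pem OUT LEAF BUNDLE...
# Writes the files to OUT in the given order (site certificate first),
# dropping CRs and blank lines and ending every line with a newline, so an
# END marker can never run into the next BEGIN marker.
join_pem() {
    out=$1
    shift
    : > "$out" || return 1
    for f in "$@"; do
        awk '{ sub(/\r$/, "") } NF' "$f" >> "$out" || return 1
    done
}

# pem_count FILE
# Prints how many certificates FILE holds. Fails (prints nothing) when a
# marker line is not exactly a BEGIN or END line, when markers are unbalanced,
# or when no certificate is found.
pem_count() {
    awk '
        { sub(/\r$/, "") }
        /-----(BEGIN|END) CERTIFICATE-----/ {
            if ($0 == "-----BEGIN CERTIFICATE-----" && !inside) { inside = 1; next }
            if ($0 == "-----END CERTIFICATE-----" && inside) { inside = 0; n++; next }
            bad = 1
        }
        END { if (bad || inside || n == 0) exit 1; print n }
    ' "$1"
}

# key_matches_cert KEY CERT
# True when the RSA private key and the first certificate in CERT share the
# same modulus, i.e. the certificate was issued for this key. Needs openssl.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1") || return 1
    c=$(openssl x509 -noout -modulus -in "$2") || return 1
    [ "$k" = "$c" ]
}

# Usage with the article's file names:
#   join_pem example.com.crt ./-_example_com_ee.crt ./-_example_com_apache.crt
#   pem_count example.com.crt && key_matches_cert example.com.key example.com.crt
```

pem_count should print 2 or more for a certificate plus its intermediate bundle; run both checks before reloading nginx.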

Step 4: Adjusting Nginx Configuration

Enable SSL for example.com

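Make the server block for example.com look like this:

server {
    # The ssl parameter on listen enables SSL for this port;
    # it replaces the older "ssl on;" directive.
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
    #... other stuff
}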

Force the non-SSL site to redirect traffic to SSL

Add the following server block if you want to force SSL on your site.

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

Turn on SSL session cache for performance

In the file /etc/nginx/nginx.conf, inside the http {..} block, add the following:

http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}

Also make sure the value of the worker_processes directive is greater than 1 (only if your server has multiple cores).

Finally, reload nginx for the changes to take effect.

service nginx reload

Step 5: Ask WordPress to use SSL

Add the following to your WordPress wp-config.php file.

To force SSL for the login form:

define('FORCE_SSL_LOGIN', true);

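To force SSL for the wp-admin section (the FORCE_SSL_LOGIN constant was deprecated in WordPress 4.0, and from that version on this setting covers the login form as well):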

define('FORCE_SSL_ADMIN', true);

Step 6: Verifying SSL Installation

The last and most important step is to verify that the SSL certificate is installed properly.

Below are some online tools to help you with that:

  1. https://www.wormly.com/test_ssl
  2. https://sslcheck.globalsign.com/en_US/sslcheck

If you face any issues, feel free to use our free support forum.


9 responses to “WordPress-Nginx + Thawte SSL Setup”

  1. When I follow your tutorial, I get the following error:

    Reloading nginx configuration: nginx: [emerg] PEM_read_bio_X509_AUX(“/var/www/example.com/cert/example.com.crt”) failed (SSL:error:0906D066:PEM routines PEM_read_bio:bad end line)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    Any idea why this is happening?

    Thank you!

  2. I am using Ubuntu 12.04 64bit, installed easy engine and WordPress is working great. I am trying to secure just one page for Stripe payments.

    https://arcwaveusa.com/signup

    I have the SSL cert installed and working (I see the green padlock) but I get an nginx 404 when I go to the page.

    Any Ideas how to fix?

  3. /signup/ is just a page I created in WordPress that is hosting my Stripe signup form. I needed it to be secured by ssl.