WordPress-Nginx + Comodo SSL Setup

After exploring different WordPress-Nginx configurations lets head over to secure your WordPress.

Steps mentioned in this article are similar for all kind of WordPress-Nginx configuration.

Step 1: Create CSR – Certificate Signing Request on Nginx Server

Create a directory to store keys & certifcates for example.com domain. You can use any directory. Following example uses these conventions.


			mkdir /var/www/example.com/cert/
cd /var/www/example.com/cert/

Next, create a 2048-bit private key

			openssl genrsa -out example.com.key 2048

Finally Create a CSR (Certificate signing request)

			openssl req -new -key example.com.key -out example.com.csr -sha256

Running this command will ask you some details. For Common Name (eg, YOUR name) []:field use example.com

Note: Comodo SSL provide www.example.com and example.com in same certificate.

If you are renewing existing SSL certificate, you can follow step 2 and 3 below. Make sure CSR already generated from server.

Step 2: Get a SSL Certificate

Buy a SSL certificate from comodo site or dh.rtcamp.com (is our portal).
Paste CSR i.e. content of example.com.csr in comodo account or dh.rtcamp.com portal. You will need to provide some more details, Try to match them to details in Step #1.
Depending on type of certificate, it may take some time for Comodo to approve your certificate.
Once certificate is approved, you will get a link via emails. Once email to verify your SSL certificate and once it approved, second email with bundle zip file of SSL.

Step 3: Fix Intermediate Certificate Chain

In email’s zip file you will get 4 files:

1. Root CA Certificate – AddTrustExternalCARoot.crt
2. Intermediate CA Certificate – COMODORSAAddTrustCA.crt
3. Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
4. Your PositiveSSL Certificate – example_com.crt

Now we need to append these file into SSL certificate file itself in a way that SSL certificate remains on top.

You can do it simply by running following command:

			cat example_com.crt COMODORSADomainValidationSecureServerCA.crt  COMODORSAAddTrustCA.crt > example.com.crt

No need to use AddTrustExternalCARoot.crt just to avoid Chain issues – Contains anchor.

Move this example.com.crt file to /var/www/example.com/cert/directory on nginx server.

Step 4: Adjusting Nginx Configuration

Enable SSL for example.com

Make it look like below:

			server {
    listen 443;
    server_name example.com;
    ssl on;
    ssl_certificate /var/www/example.com/cert/example.com.crt;
    ssl_certificate_key /var/www/example.com/cert/example.com.key;
 #... other stuff
}
		
			
		

Force non SSL site to redirect traffic to SSL

Add following codes if you want to force SSL on your site.

			server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
		
			
		

Turn on SSL session cache for performance

In file /etc/nginx/nginx.conf, inside http {..} block add following:

			http {
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    #... other stuff
}
		
			
		

Also make sure value of worker_processes directive is greater than 1 (only if your server has multiple cores).

Finally, reload the processes to make the change take effect.


			service nginx reload

Step-4: Ask WordPress to use SSL

Add following to you WordPress’s wp-config.php file.

To force SSL for login form:


			define('FORCE_SSL_LOGIN', true);

To force SSL for wp-admin section:


			define('FORCE_SSL_ADMIN', true);

Step-5: Verifying SSL Installation

Last and most important step is to verify if we have installed SSL certificate properly.

Below are some nice online tools to help you with that:

1. 1. https://www.wormly.com/test_ssl
  2. https://sslcheck.globalsign.com/en_US/sslcheck

If you face any issues, feel free to use our free support forum.

Links: WordPress-Nginx Series | Buy Comodo SSL certificate