In the Alibaba Cloud SSL Certificates console, you can download SSL certificates for Nginx. After you decompress the downloaded package, the following files are displayed:

  • .crt file: indicates the certificate file. crt is the extension of a pem file.
  • .key file: indicates the private key file (the file is not available if you did not select Automatic for CSR Generation when applying for SSL certificates).
Note The .pem certificate file is a Base64-encoded text file. You can modify its extension as needed.
  1. <p class="p">Use the standard Nginx configuration as an example. Assume that the certificate file
  2. is named <span class="ph filepath" id="filepath-a9p-iuw-7r4">a.pem</span>, and the private key file is named <span class="ph filepath" id="filepath-pn1-12n-zco">a.key</span>.
  3. </p>
  4. <ol class="ol">
  5. <li class="li">Create a <span class="ph filepath" id="filepath-egw-02o-sry">cert</span> directory in the Nginx installation directory, and copy all downloaded files to the
  6. cert directory. If you created the <span class="ph filepath" id="filepath-tyo-xiy-afy">CSR</span> file yourself to request a certificate, place the corresponding private key file
  7. in the <span class="ph filepath" id="filepath-3j8-g70-fs4">cert</span> directory and name it a.key.
  8. </li>
  9. <li class="li">Go to <span class="ph menucascade"><span class="ph uicontrol">Nginx installation directory</span><abbr title="and then"> &gt; </abbr><span class="ph uicontrol">conf</span></span>. Open the <span class="ph filepath" id="filepath-j1b-yjo-84d">Nginx.conf</span> file and locate the following configurations:
  10. <pre class="pre codeblock"><code># HTTPS server

#server {

listen 443;

server_name localhost;

ssl on;

ssl_certificate cert.pem;

ssl_certificate_key cert.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_ciphers ALL:! ADH:! EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on;

location / {




  1. </li>
  2. <li class="li">Change it to (the attributes that start with ssl are directly related to the certificate
  3. configuration, and the others can be copied or adjusted as needed):
  4. <pre class="pre codeblock"><code>server {
  5. listen 443;
  6. server_name localhost;
  7. ssl on;
  8. root html;
  9. index index.html index.htm;
  10. ssl_certificate cert/a.pem;
  11. ssl_certificate_key cert/a.key;
  12. ssl_session_timeout 5m;
  13. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:! NULL:! aNULL:! MD5:! ADH:! RC4;
  14. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  15. ssl_prefer_server_ciphers on;
  16. location / {
  17. root html;
  18. index index.html index.htm;
  19. }


  1. <li class="li">Save the settings and exit.</li>
  2. <li class="li">Restart Nginx.</li>
  3. </ol>
  4. </div>
  5. </article>
  6. </main>