How to do it...

Now that we have a certificate and private key, we can update our NGINX configuration to serve SSL-based sites. Here's our NGINX server directive block:

server { 
    listen              443 ssl; 
    server_name         ssl.nginxcookbook.com; 
    ssl_certificate     /etc/ssl/public.pem; 
    ssl_certificate_key /etc/ssl/private.key; 
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2; 
    ssl_ciphers         HIGH:!aNULL:!MD5; 
 
    access_log  /var/log/nginx/ssl-access.log  combined; 
 
    location  /favicon.ico { access_log off; log_not_found off; } 
    root  /var/www; 
} 

If you have a basic index.html or similar in /var/www, you should see something like the following:

The error message will vary between browsers, but they're all simply letting you know that the certificate presented couldn't be validated and therefore can't be intrinsically trusted. For testing, add an exception here; you should see the SSL site served by NGINX: