Suppose you have a domain greproot.com for which you want to enable SSL. Make sure you have a dedicated IP for the domain. Say, 18.104.22.168 is the dedicated IP address for greproot.com
First, decide where you want to keep your certs and keys. In my case, I am going to place it in /etc/ssl/certs/ and /etc/ssl/keys respectively.
[root@abc ~]#mkdir /etc/ssl/certs/
[root@abc ~]#mkdir /etc/ssl/keys
Now we need to generate CSR and key for the greproot.com, get the cert signed and then install SSL.
[root@abc ~]#cd /etc/ssl/keys
[root@abc ~]#openssl genrsa -out greproot.com.key 2048
[root@abc ~]# chmod 600 greproot.com.key
[root@abc ~]# cd /etc/ssl/certs/
[root@abc ~]#openssl req -new -key greproot.com.key -out greproot.com.csr
Now we have the CSR and key. If you do not need a signed cert, then you can create a self signed certificate from the above CSR and key. If you need a signed cert, take the CSR to a valid certificate signing authority, get it signed and place it in the server at /etc/ssl/certs/greproot.com.crt
[root@abc ~]#openssl x509 -req -days 365 -in greproot.com.csr -signkey greproot.com.key -out greproot.com.crt
Now, whether it be a valid cert or self signed, you have the certificate at /etc/ssl/certs/greproot.com.crt. Now you need to add this to your nginx configuration file. If you want to access greproot.com with both http and https, you should have two separate server modules in the same configuration file – one for http and other for https. To add SSL, all you need to do is, just copy the server module as such and place it at the end of the file. The second one will be used for SSL and will be modified to mention the cert and key path.
[root@abc ~]# vi /etc/nginx/sites-available/
Just add the following lines, before server_name in the second server module and restart nginx.
listen 22.214.171.124:443 ssl;
server_name greproot.com www.greproot.com
[root@abc ~]# /etc/rc.d/init.d/nginx restart
Now try accessing the site at https://greproot.com