As I was installing a certificate on our investor's VPS, I had to follow some steps. I wrote them down for future use, but maybe somebody else can use them.

Step 1 – Set stronger encryption
Open /etc/nginx/nginx.conf and add the following lines of code at the end of the file.

ssl_prefer_server_ciphers on;
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them if every client supports TLSv1.2.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# The list still names 3DES (DES-CBC3) suites, a 64-bit block cipher; remove them unless legacy clients need them.
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';

 

Step 2 – Redirect all HTTP traffic to HTTPS

Make sure that your server redirects all traffic that arrives over HTTP to HTTPS. This step is optional.

server {
    listen 80;
    server_name www.chilion.nl;
    return 301 https://$server_name$request_uri;
}

 

Step 3 – Enable HSTS
Find /etc/nginx/sites-available/-default and place the following line in the server {} block.

server {
    listen 443 ssl default deferred;
    ...
    # config to enable HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
    ...
}

 

Step 4 – Add certificate
Now add the certificate and / or the root and intermediate certificates you received to your SSL certificate file /etc/nginx/ssl/server.crt

Step 5 – Restart Nginx

sudo /etc/init.d/nginx restart

That's all folks, it should work now :)
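
To check a configuration written by following the steps above, the script below audits nginx config text for deprecated protocols, weak cipher suites and the HSTS header. It is an added example, not part of the original post; the function names, marker lists, the 180-day threshold and the abbreviated sample config are assumptions made for the illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}   # TLS 1.0/1.1 deprecated by RFC 8996
WEAK_MARKERS = ("DES-CBC3", "RC4", "MD5", "NULL", "EXPORT")  # marker list chosen for this example
MIN_HSTS_AGE = 15552000                               # 180 days, threshold chosen for this example
# Constructed sample: Steps 1 and 3 of this page, cipher list abbreviated.
SAMPLE = """
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:HIGH:!aNULL:!MD5:!RC4';
server {
    listen 443 ssl;
    # config to enable HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;";
}
"""

def directives(conf, name):
    """Argument strings of every `name ...;` directive (comments skipped, quotes kept)."""
    conf = re.sub(r"#[^\n]*", "", conf)
    pat = r"(?:^|[;{}])\s*" + re.escape(name) + r"\s+((?:\"[^\"]*\"|'[^']*'|[^;{}'\"])+);"
    return [m.group(1).strip() for m in re.finditer(pat, conf, re.M)]

def audit(conf):
    findings = []
    for args in directives(conf, "ssl_protocols"):
        old = sorted(DEPRECATED & set(args.split()))
        if old:
            findings.append("deprecated protocols: " + " ".join(old))
    for args in directives(conf, "ssl_ciphers"):
        # Entries starting with "!" are exclusions, so only the others are offered.
        weak = [s for s in args.strip("'\"").split(":")
                if not s.startswith("!") and any(m in s for m in WEAK_MARKERS)]
        if weak:
            findings.append("weak ciphers: " + " ".join(weak))
    hsts = [a for a in directives(conf, "add_header")
            if a.lower().startswith("strict-transport-security")]
    if not hsts:
        findings.append("no HSTS header")
    for args in hsts:
        age = re.search(r"max-age=(\d+)", args, re.I)
        if not age or int(age.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age missing or below %d" % MIN_HSTS_AGE)
        if args.split()[-1] != "always":
            findings.append("HSTS header lacks 'always' (omitted on 4xx/5xx responses)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Run it against the real files by passing their contents to audit(), for example the text of /etc/nginx/nginx.conf.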