SSL certificate installation

This page describes how to initially install an SSL certificate and convert your website to use HTTPS. If you are already using an SSL certificate and it has expired, refer to "How to update SSL certificate" page in "FAQ" section.

Navixy platform uses a web server called Nginx. It is available for both Linux and Windows, so the following steps are valid for any operating system.

Prepare SSL certificates

In order to make your website SSL protected, you need to have an SSL certificate and its private key. If you use multiple domain names, you need a certificate for each domain, or a wildcard or multi-domain certificate. You can contact any certificate authority to issue a certificate. The platform can work with any valid certificates regardless of the issuer. See this page for more information about SSL protection.

Navixy is not a certificate authority and does not offer SSL certificate issuance services. However, if your platform was installed automatically or deployed from the AMI, you can install free LetsEncrypt certificates using the Configuration Wizard. For manually installed instances, the Configuration Wizard is not available, and LetsEncrypt certificates can only be issued using third-party tools.

Once you have the certificates, you need to put them to some directory on your server. It is recommended that you use standard paths:

  • Linux: /etc/nginx/ssl/
  • Windows: C:\nginx\conf\ssl\

In this case, you will not need to specify the full path to the certificate and private key in the configuration of your website. You can specify a short path like ssl/name.crt and ssl/name.key.

SSL certificate chain of trust

The certificate file(s) must contain a full chain of trust. This means that the contents of the certificate must include not only the body of the primary certificate you plan to install, but also an intermediate certificate, a root certificate, or any combination of these, depending on the certificate issuer.

Such a certificate is called a full chain certificate.

Make sure that the certificate you issue contains this chain of trust, otherwise some features, such as mobile applications, might not work.

If you have trouble building the full chain, contact the certificate issuer. You can also use some online tools to resolve the chain of trust, such as this one.

If you want to learn more about the chain of trust, you can read an explanation on one of the SSL issuer sites.

Private key requirement

The main requirement for private key is that it must match the SSL certificate, otherwise Nginx web server will not be able to start. Typically, private key is provided by the certificate issuer along with the certificate. If you re-issue a certificate from the same authority, private key often stays the same and does not need to be replaced.

You can additionally match the certificate with the private key using online tools, such as this one.

Update Nginx configuration

Find your website configuration file. It is usually called navixy.conf and is located at /etc/nginx/sites-available/ (Linux) or C:\nginx\sites-enabled\ (Windows).

It is highly recommended to proceed with ready-to-use Nginx configuration. Simply choose a HTTPS configuration according to your operating system and the number of domains and replace the current contents of navixy.conf. In this case you only have to specify domains and paths to certificates and private keys. The rest of the configuration is proven to work, so this way you can avoid possible errors.

However, you can edit the Nginx configuration manually if this works for you better.

Change the listening port from "80" to "443 ssl", and add the SSL-related lines to each site's configuration, specifying the correct path to your fullchain certificate and key files.

listen 443 ssl; ## listen for ipv4
ssl_certificate /ssl/certificate.crt;
ssl_certificate_key /ssl/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Here's an example for API site configuration:

server {
listen 443 ssl; ## listen for ipv4
access_log /var/log/nginx/api.domain.com_ssl.access.log;
client_max_body_size 20m;
ssl_certificate /ssl/certificate.crt;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {proxy_pass;

Restart Nginx web server.

For Linux:

nginx -t && nginx -s reload

For Windows, you need to terminate all Nginx processes and then start nginx.exe from C:\nginx.

Make sure Nginx has started and doesn't give any error related to SSL.

Edit the platform configuration files

Next we need to tell Navixy to use HTTPS protocol instead of HTTP in all the configuration files. Open the following files:

  • /var/www/panel-v2/PConfig.js - edit the parameter "apiRoot", changing "http" to "https". Edit the parameter "terminalHost" - change "ws" to "wss" and delete port 8383.
  • /var/www/pro-ui/Config.js - edit the parameter "apiRoot", changing "http" to "https".
  • /var/www/pro-ui/static/app_config.js - edit the parameter "apiUrl", changing "http" to "https" (if the value is present).
  • /home/java/api-server/conf/ - edit the parameter api.externalBaseUrl, changing "http" to "https" (if the value is present).

Restart Navixy services for all the changes to take effect.

In case the page is still trying to load over HTTP, clear your browser's cache.

Video Telematics NEW
Video Telematics NEW
Review incidents
Determine liability
Coach drivers
Learn more >

This website uses cookies.
See our Privacy Policy to learn more.