0
0
Nginxdevops~20 mins

SSL certificate installation in Nginx - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
SSL Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
💻 Command Output
intermediate
2:00remaining
Check SSL certificate expiration date
You run this command to check the expiration date of an SSL certificate for example.com:
openssl s_client -connect example.com:443 -servername example.com < /dev/null | openssl x509 -noout -dates

What is the expected output format?
Nginx
openssl s_client -connect example.com:443 -servername example.com < /dev/null | openssl x509 -noout -dates
AError: unable to load certificate
BCertificate expires on 2024-08-30
CExpiration date: 08/30/2024
DnotBefore=Jun 1 12:00:00 2024 GMT\nnotAfter=Aug 30 12:00:00 2024 GMT
Attempts:
2 left
💡 Hint
The command outputs two lines starting with notBefore and notAfter.
Configuration
intermediate
2:00remaining
Nginx SSL configuration snippet
Which of the following nginx server block snippets correctly enables SSL using the certificate files located at /etc/ssl/certs/example.crt and /etc/ssl/private/example.key?
A
listen 443 ssl;
ssl_certificate_key /etc/ssl/private/example.key;
ssl_certificate /etc/ssl/certs/example.crt;
B
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
C
listen 443 ssl;
ssl_certificate /etc/ssl/certs/example.crt;
ssl_certificate_key /etc/ssl/private/example.key;
D
listen 443 ssl;
ssl_certificate /etc/ssl/private/example.key;
ssl_certificate_key /etc/ssl/certs/example.crt;
Attempts:
2 left
💡 Hint
The ssl_certificate directive must point to the certificate file, and ssl_certificate_key to the private key.
Troubleshoot
advanced
2:00remaining
Nginx fails to start after SSL config change
After adding SSL configuration to your nginx server block, nginx fails to start with the error:
nginx: [emerg] PEM_read_bio_PrivateKey("/etc/ssl/private/example.key") failed

What is the most likely cause?
AThe private key file is missing or has incorrect permissions.
BThe SSL protocol version is not specified.
CThe nginx user does not have permission to read the certificate file.
DThe certificate file is expired.
Attempts:
2 left
💡 Hint
The error mentions PEM_read_bio_PrivateKey failure.
🔀 Workflow
advanced
2:00remaining
Order of steps to install SSL certificate on nginx
What is the correct order of steps to install a new SSL certificate on an nginx server?
A1,3,2,4
B1,2,3,4
C2,1,3,4
D3,1,2,4
Attempts:
2 left
💡 Hint
You must have the files before configuring nginx.
Best Practice
expert
3:00remaining
Secure SSL configuration for nginx
Which nginx SSL configuration snippet follows best security practices to enable strong encryption and prevent known vulnerabilities?
A
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
B
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
C
ssl_protocols SSLv3 TLSv1.2;
ssl_ciphers ALL;
ssl_prefer_server_ciphers off;
D
ssl_protocols TLSv1.2;
ssl_ciphers LOW:MEDIUM;
ssl_prefer_server_ciphers off;
Attempts:
2 left
💡 Hint
Use only modern TLS versions and strong ciphers.