How to Setup self signed SSL certificates with NGINX On Debian/Ubuntu

Posted on  9/30/2014

You can setup nginx in ubuntu using this tutorial which explains first steps of installation and configuration . As you might know that cloudflare reveals Universal SSL . Okay so lets setup nginx self signed ssl .

Please Note If you will use self signed certificates most of the time browsers will throw security error like shown in figure 1.1


Setting NGINX SSL with self signed certificates

we are going to store SSL Cert and Key In Folder : /etc/nginx/ssl/

sudo mkdir -p /etc/nginx/ssl/cert
sudo mkdir -p /etc/nginx/ssl/private

okay lets install openssl

sudo apt-get update
sudo apt-get install openssl

alright let’s get started

# generating private keys
openssl genrsa -des3 -out example.key 2048

# generating a Certificate Signing Request
openssl req -new -key example.key -out example.csr

# removing passphrase from key

cp example.key
openssl rsa -in -out example.key

# lets generate certificate
openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt

# okay lets copy this certificate and key to `/etc/nginx/ssl`

sudo cp example.crt /etc/nginx/ssl/cert/
sudo cp example.key /etc/nginx/ssl/private/

In above process it will ask for several questions like your country code etc , provide your company or organisation related info . please note while entering Common Name make sure common name for your certificate must match the host name that you want to generate a valid certificate for .

Now configure Nginx , Edit your Nginx Configuration file and enter following lines in server block

server {

listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/certs/example.crt;
ssl_certificate_key /etc/nginx/ssl/private/example.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

# [........] Other config goes here


Test nginx config and restart nginx server

sudo nginx -t
sudo service nginx restart

Useful Links :


  • Home
  • About