How to Setup self signed SSL certificates with NGINX On Debian/Ubuntu

You can setup nginx in ubuntu using this tutorial which explains first steps of installation and configuration . As you might know that cloudflare reveals Universal SSL . Okay so lets setup nginx self signed ssl .

Please Note If you will use self signed certificates most of the time browsers will throw security error like shown in figure 1.1

self_signed_error

Setting NGINX SSL with self signed certificates

we are going to store SSL Cert and Key In Folder : /etc/nginx/ssl/

sudo mkdir -p /etc/nginx/ssl/cert
sudo mkdir -p /etc/nginx/ssl/private

okay lets install openssl

sudo apt-get update
sudo apt-get install openssl

alright let’s get started

# generating private keys
openssl genrsa -des3 -out example.key 2048

# generating a Certificate Signing Request
openssl req -new -key example.key -out example.csr

# removing passphrase from key

cp example.key example.key.org
openssl rsa -in example.key.org -out example.key
rm example.key.org

# lets generate certificate
openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt

# okay lets copy this certificate and key to `/etc/nginx/ssl`

sudo cp example.crt /etc/nginx/ssl/cert/
sudo cp example.key /etc/nginx/ssl/private/

In above process it will ask for several questions like your country code etc , provide your company or organisation related info . please note while entering Common Name make sure common name for your certificate must match the host name that you want to generate a valid certificate for .

Now configure Nginx , Edit your Nginx Configuration file and enter following lines in server block

server {

listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/certs/example.crt;
ssl_certificate_key /etc/nginx/ssl/private/example.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;

# [........] Other config goes here

}

Test nginx config and restart nginx server

sudo nginx -t
sudo service nginx restart

Useful Links :
1. http://nginx.org/en/docs/http/configuring_https_servers.html
2. https://www.linode.com/docs/security/ssl/ssl-certificates-with-nginx

Add Comment