:: krowemoh

A Self Signed SSL Certificate with Nginx

2021-01-07

This is actually very simple: we create a certificate and key using openssl, and then we set up our nginx server blocks.

> sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/selfsigned.key -out /etc/ssl/certs/selfsigned.crt

This will generate a key and certificate that we can then use in nginx. We will be prompted for a few bits of information; the key part is to set the Common Name question to the IP address we are securing.
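Clients that verify an IP address look for it in the certificate's subjectAltName rather than the Common Name, so a certificate that will later be imported into a trust store needs the IP there as well. The script below is an added example, not part of the original post: it creates one certificate with only the Common Name and one that also has the SAN, then checks each with openssl's `-checkip`. It writes to a temporary directory instead of /etc/ssl, and the function names and req.cnf layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths, function names and the
# req.cnf layout are assumptions; 192.168.7.41 is the IP used in the post.
set -eu

# make_cert IP OUTDIR [san]: self-signed cert with CN=IP; with "san" as the
# third argument it also carries subjectAltName=IP:<IP>.
make_cert() {
    ip=$1; out=$2
    mkdir -p "$out"
    cat > "$out/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $ip
[san]
subjectAltName = IP:$ip
EOF
    # umask 077 keeps the unencrypted (-nodes) private key owner-readable only.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -config "$out/req.cnf" ${3:+-extensions san} \
          -keyout "$out/selfsigned.key" -out "$out/selfsigned.crt" )
}

# ip_matches CERT IP: true only if a SAN iPAddress entry equals IP
# (openssl's -checkip does not fall back to the Common Name).
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# key_matches CERT KEY: true if KEY is the key the certificate was issued for.
key_matches() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
make_cert 192.168.7.41 "$work/cn_only"
make_cert 192.168.7.41 "$work/with_san" san
for d in cn_only with_san; do
    if ip_matches "$work/$d/selfsigned.crt" 192.168.7.41; then r="matches"; else r="does NOT match"; fi
    echo "$d: certificate $r 192.168.7.41"
done
```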


    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        return 301 https://192.168.7.41$request_uri;
    }

    server {
        listen       443 ssl;
        listen       [::]:443 ssl;
        server_name  _;
        root         /usr/share/nginx/html;

        ssl_certificate /etc/ssl/certs/selfsigned.crt;
        ssl_certificate_key /etc/ssl/selfsigned.key;

        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer only TLS 1.2 and 1.3.
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;
        ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        ...
        }
    }

Now we have our nginx service set up to use our self-signed certificate.

> sudo nginx -t

We make sure our nginx configuration is still syntactically correct.

> sudo service nginx restart

Voila! We should now be able to navigate to our IP address and get a security warning about an untrusted certificate. Now we can allow the certificate and continue working away!