dracoblue.net

HTTPS + NGINX with self signed SSL certificate

If you want to use https with nginx on your dedicated server, you have the option to buy a certificate. The other way, even though less secure for your clients: create a self signed certificate.

I want to show, how you can create a self signed certificate and how to use it with nginx on an ubuntu linux.

Open a root shell and head to the nginx configuration folder.

$ sudo -s
# cd /etc/nginx

Generate the self signed certificate and answer the questions.

# openssl req -new -x509 -nodes -out server.crt -keyout server.key

Now make the files only visible to the owner (root).

# chmod 600 server.key

Add the ssl section as new site:

# vim sites-enabled/ssl.example.org

with this code:

server {
    listen               443;
    ssl                  on; 
    ssl_certificate      /etc/nginx/server.crt;
    ssl_certificate_key  /etc/nginx/server.key;

    server_name ssl.example.org;

    location / {
            root /var/www/ssl.example.org;
            index index.php;
    }   

    # ... and so on
}

Reboot nginx:

# /etc/init.d/nginx restart

Head to your site: https://ssl.example.org. You'll recieve a message in your favorite browser saying that the certificate is insecure, because the author signed it on his own. You have to make an exception.

This does not look very professional. So you should use this procedure

only for projects, where you can live with this 'error message'.

In articles, linux, nginx, open source, ubuntu by DracoBlue @ 19 Dec 2010

comments powered by Disqus

Recent Files

Advertisement

Recent Dev-Articles

About

Blogroll