Creating Self-Signed SSL Certificates for nginx on Linux

By Hilmar Meijer
On march 06, 2014
About commandline, webserver
ssl certificate
The configuration of nginx is straight forward. To enable ssl add the following lines to your virtualhost
listen   443 ssl;
ssl on;
ssl_certificate /etc/ssl/private/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
Where
/etc/ssl/private/
is going to be the path of the keys and certificates.

Now it's time to generate the certificate. As root or use sudo enter the following command:
openssl req -new > new.cert.csr
You will be asked some questions.
Country Name (2 letter code) [AU]:Enter Code
State or Province Name (full name) [Some-State]: Enter State Here
Locality Name (eg, city) []: Enter City Here
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Enter your domain name here
Organizational Unit Name (eg, section) []: Enter your domain name here
Common Name (eg, YOUR name) []: Enter your domain name here
Email Address []: Work Email

A challenge password []: Leave Blank
An optional company name []: Optional
If you don't have a privkey.pem this is how you can generate one:
openssl genrsa -out privkey.pem
This will generate a file new.cert.csr we will be using later. First generate the key file.
openssl rsa -in privkey.pem -out new.cert.key
Next up sign the certificate. Its valid for a 1000 days.
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey  new.cert.key -days 1000
Now we have three files new.cert.csr, new.cert.cert and new.cert.key. We only need 2 for nginx. Lets copy the two files to the right location.
cp new.cert.key /etc/ssl/private/server.key
cp new.cert.cert /etc/ssl/private/server.crt
Reload nginx and you should have ssl working.

For more information about nginx and https see the nginx https module page. These are the official howto's by openssl.
Back to blog