A Self Signed SSL Certificate with Nginx


Table of Contents

    This is actually very simple, we create a certificate and key using openssl and then we set up our nginx block.

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/selfsigned.key -out /etc/ssl/certs/selfsigned.crt

    This will generate a key and certificate that we can then use in nginx. We will be prompted for a few bits of information, the key part is to set the Common Name question to the ip address we are securing.

        server {
            listen       80 default_server;
            listen       [::]:80 default_server;
            server_name  _;
            return 301$request_uri;
        server {
            listen       443 ssl;
            listen       [::]:443 ssl;
            server_name  _;
            root         /usr/share/nginx/html;
            ssl_certificate /etc/ssl/certs/selfsigned.crt;
            ssl_certificate_key /etc/ssl/selfsigned.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {

    Now we have our nginx service using our self signed certificate.

    > sudo nginx -t

    We make sure our nginx configuration is still syntactically correct.

    > sudo service nginx restart

    Voila! We should now be able to navigate to our ip address and get a security warning about an untrusted certificate. Now we can all the certificate and we can continue working away!