A Self Signed SSL Certificate with Nginx

2021-01-07

    This is actually very simple: we create a certificate and key using openssl, and then we set up our nginx server block.

    bash
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/selfsigned.key -out /etc/ssl/certs/selfsigned.crt

    This will generate a key and certificate that we can then use in nginx. We will be prompted for a few bits of information; the key part is to set the Common Name question to the IP address we are securing.
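Setting only the Common Name is not enough for clients that verify the address: current browsers and OpenSSL's own IP check match an IP address against the certificate's subjectAltName, not the CN. The script below is an added example, not part of the original post; it assumes OpenSSL 1.1.1 or newer for `-addext`, writes to a temporary directory instead of /etc/ssl, and its function names `gen_cert` and `ip_matches` are made up for illustration.

```bash
#!/bin/sh
# Added example: compare a CN-only self-signed certificate with one that
# also carries an IP subjectAltName (SAN). No sudo needed; files go to a
# temporary directory. Assumes OpenSSL 1.1.1+ (for -addext).

IP="192.168.7.41"   # the address used in the post's nginx redirect

# gen_cert <outdir> <name> <ip> [extra "openssl req" arguments...]
# Same options as the post's command, with -subj so nothing is prompted.
gen_cert() {
    gc_dir="$1"; gc_name="$2"; gc_ip="$3"
    shift 3
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=${gc_ip}" \
        -keyout "${gc_dir}/${gc_name}.key" \
        -out "${gc_dir}/${gc_name}.crt" \
        "$@" 2>/dev/null || return 1
    # -nodes leaves the private key unencrypted, so restrict who can read it
    chmod 600 "${gc_dir}/${gc_name}.key"
}

# ip_matches <crt> <ip>
# Succeeds only if OpenSSL's IP check accepts the certificate for <ip>.
# -checkip prints "does match" or "does NOT match"; its exit status does
# not reflect the result, so the output is inspected instead.
ip_matches() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

demo() {
    d=$(mktemp -d) || return 1
    gen_cert "$d" cn_only  "$IP"
    gen_cert "$d" with_san "$IP" -addext "subjectAltName = IP:${IP}"
    for name in cn_only with_san; do
        if ip_matches "$d/$name.crt" "$IP"; then
            echo "$name: certificate is valid for $IP"
        else
            echo "$name: certificate is NOT valid for $IP"
        fi
    done
    rm -rf "$d"
}

demo
```

Adding the same `-addext "subjectAltName = IP:..."` argument to the post's `openssl req` command produces a certificate that clients can match to the IP once it is trusted.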

    nginx
    
        server {
            listen       80 default_server;
            listen       [::]:80 default_server;
            server_name  _;
            return 301 https://192.168.7.41$request_uri;
        }
    
        server {
            listen       443 ssl;
            listen       [::]:443 ssl;
            server_name  _;
            root         /usr/share/nginx/html;
    
            ssl_certificate /etc/ssl/certs/selfsigned.crt;
            ssl_certificate_key /etc/ssl/selfsigned.key;
    
            # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only 1.2 and 1.3
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_prefer_server_ciphers on;
            ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            ...
            }
        }

    Now we have our nginx service using our self signed certificate.

    bash
    > sudo nginx -t

    We make sure our nginx configuration is still syntactically correct.

    bash
    > sudo service nginx restart

    Voila! We should now be able to navigate to our IP address and get a security warning about an untrusted certificate. Now we can allow the certificate and continue working away!