Tagged: SSL

Linux Self-signed SSL Certificate & Setup on NGINX – Debian/Ubuntu – How-to

I like to organize my SSL certs inside my web server folder for easy access and organization. I also like to create sub-folders for each domain and name each certificate with its corresponding domain name (example: /etc/nginx/ssl/domain.com/domain.com.crt). You can organize and name your certs in any way you see fit.

*I assume you are logged in as root.
*Replace NAME with your host/domain name. Don’t forget the NGINX config as well!

Install OpenSSL

apt-get install -y openssl

Create SSL directories

mkdir /etc/nginx/ssl
mkdir /etc/nginx/ssl/NAME
cd /etc/nginx/ssl/NAME

Generate key

openssl genrsa -out "/etc/nginx/ssl/NAME/NAME.key" 2048

Create SSL request

openssl req -new -key "/etc/nginx/ssl/NAME/NAME.key" -out "/etc/nginx/ssl/NAME/NAME.csr"

Validate SSL request and create SSL certificate

openssl x509 -req -days 1825 \
    -in "/etc/nginx/ssl/NAME/NAME.csr" \
    -signkey "/etc/nginx/ssl/NAME/NAME.key" \
    -out "/etc/nginx/ssl/NAME/NAME.crt"

Setup NGINX

Add to NGINX host config

listen 443 ssl;
ssl_certificate     /etc/nginx/ssl/NAME/NAME.crt;
ssl_certificate_key /etc/nginx/ssl/NAME/NAME.key;

Or just use my config. It also includes a non-https redirect, just replace NAME with your host name. (VIEW CONFIG HERE).

wget --no-check-certificate -O /etc/nginx/sites-available/rutorrent-hostip-ssl https://raw.githubusercontent.com/internetbear/library/master/nginx/site-available/hostip-ssl
Advertisements