Monday, May 28, 2012

Enabling Nginx SSL with a self-singed certificate for testing on Ubuntu 10.04

To enable secure connections to your test Nginx server (https) you first need to create a self-singed certificate.
Here are the steps: (you can have them created anywhere, but having them in /etc/ssl is standard)
1- Create a Certificate Signing Request (CSR):
$sudo openssl genrsa -des3 -out YourServerName.key 1024
You will be asked for a pass-phrase; while this makes the key secure, but for web-servers this may be inconvenient .  Because each time you restart the server, you should enter the pass phrase again. So for dev environments probably you want to have an  insecure key.

2- Create the insecure key and switch key names:
$sudo openssl rsa -in YourServerName.key -out YourServerName.key.insecure
$sudo mv YourServerName.key
$sudo mv YourServerName.key.insecure YourServerName.key

3- Create the CSR:
$sudo openssl req -new -key YourServerName.key -out YourServerName.csr

4- Create the Self-Signed Certificate:
$sudo openssl x509 -req -days 365 -in YourServerName.csr -signkey YourServerName.key -out YourServerName.crt

5- Add the following to your host file configuration to the server section under "listen 80;":
(in case of big blue button it is in : /etc/nginx/sites-available/bigbluebutton)

listen   443;
ssl    on;
ssl_certificate    /etc/ssl/YourServerName.crt;
ssl_certificate_key    /etc/ssl/YourServerName.key;

6- restart nginx

No comments: