Monday, May 28, 2012

Enabling Nginx SSL with a self-singed certificate for testing on Ubuntu 10.04

To enable secure connections to your test Nginx server (https) you first need to create a self-singed certificate.
Here are the steps: (you can have them created anywhere, but having them in /etc/ssl is standard)
1- Create a Certificate Signing Request (CSR):
$sudo openssl genrsa -des3 -out YourServerName.key 1024
You will be asked for a pass-phrase; while this makes the key secure, but for web-servers this may be inconvenient .  Because each time you restart the server, you should enter the pass phrase again. So for dev environments probably you want to have an  insecure key.

2- Create the insecure key and switch key names:
$sudo openssl rsa -in YourServerName.key -out YourServerName.key.insecure
$sudo mv YourServerName.key YourServerName.key.secure
$sudo mv YourServerName.key.insecure YourServerName.key

3- Create the CSR:
$sudo openssl req -new -key YourServerName.key -out YourServerName.csr

4- Create the Self-Signed Certificate:
$sudo openssl x509 -req -days 365 -in YourServerName.csr -signkey YourServerName.key -out YourServerName.crt

5- Add the following to your host file configuration to the server section under "listen 80;":
(in case of big blue button it is in : /etc/nginx/sites-available/bigbluebutton)

listen   443;
ssl    on;
ssl_certificate    /etc/ssl/YourServerName.crt;
ssl_certificate_key    /etc/ssl/YourServerName.key;


6- restart nginx

3 comments:

Arnold DK said...

Nice article. it is very valuable and informative for me. It’s interesting content and Great work. Thanks for sharing these blog with all of us. whatsapp mod

Let2know said...

This text gives the light wherein we can check the authenticity out. this is extremely quality one and offers indepth guidance. much thanks to you for this decent article.! Windows 7 Ultimate Product Key

Hi Every One said...

Took me length to door all the explanation, but I in all actuality partook in the article. It ended up being Very respecting me still up in the air to all the analysts here! Its consistently accessible through now you can't unmarried-handedly be educated, yet with engaged! Regcure Pro Cracked