Thursday, February 23, 2012

nginx Self-Signed SSL

In this tutorial, I will be setting up nginx to listen on 443 for SSL connections. I will be creating a self-signed SSL certificate. I am running Ubuntu Server 10.04, your configuration locations may be slightly different.


1) Generate a Private Key

openssl genrsa -des3 -out server.key 1024

2) Generate a CSR

openssl req -new -key server.key -out server.csr

3) Remove Passphrase from Key

cp server.key
openssl rsa -in -out server.key

4) Generating a Self-Signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5) Copy the .crt and .key files to /etc/ssl/

cp server.crt /etc/ssl/certs/
cp server.key /etc/ssl/private/

6) Configure nginx

Add the following to /etc/nginx/sites-available/default

ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;

server {
    listen 443;
    ssl on;
    location / {


Of course, if you're not running nginx as a reverse proxy, your information in location / {} will be different. This is only an example to illustrate the use of the extra SSL options.

Reboot nginx

/etc/init.d/nginx restart

If everything goes well, you should be able to browse to (where is the IP of your server).

1 comment:

  1. Thank you for sharing this information. This article is very interesting and useful. Keep up the good work!