
SSL certificate for NGINX on Ubuntu


What is a self-signed certificate?

An SSL certificate is used to encrypt information exchanged with the site and create a safer connection. It also shows visitors identifying information about the private virtual server. You can use the services of specialized organizations to confirm information about your server, or create a self-signed certificate.



The following steps require root privileges. You also need an installed and configured nginx server. You can install it by running the following command:

~~~ {.bash}
sudo apt-get install nginx
~~~

### Step 1 - Create a directory for the certificate

The SSL certificate consists of two main parts: the certificate itself and the public key. To keep the necessary files easy to reach, we will create a directory for storing them:

~~~ {.bash}
sudo mkdir /etc/nginx/ssl
~~~

Let’s move to the created directory:

~~~ {.bash}
cd /etc/nginx/ssl
~~~

### Step 2 - Create the server key and request a certificate signature

First, create a private server key. During this step you will need to enter a password. Be sure to remember it. If you lose your password, you will lose access to the certificate.

~~~ {.bash}
# 2048-bit key; 1024-bit RSA is too weak and is rejected at OpenSSL security level 2
sudo openssl genrsa -des3 -out server.key 2048
~~~

Then create a signing request:

~~~ {.bash}
sudo openssl req -new -key server.key -out server.csr
~~~

In response to this command, you will see a list of fields to fill in. The most important field is the "Common Name". Enter your official domain name, or your IP address if you do not yet have a domain name. Leave the challenge password and optional company name fields blank.

~~~
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:Moscow
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational Unit Name (eg, section) []:Example Organization
Common Name (e.g. server FQDN or YOUR name) []
Email Address []
~~~

### Step 3 - Remove Password (Passphrase)

We have almost finished creating the certificate. However, it is useful to remove the password. Although a password makes the certificate more secure, it can cause trouble when the server restarts. After a crash or an ordinary reboot, you will have to enter the password every time, otherwise the server will not start.

The following commands remove the password:

~~~ {.bash}
sudo cp server.key server.key.org   # backup of the protected key; the name server.key.org is arbitrary
sudo openssl rsa -in server.key.org -out server.key
~~~

### Step 4 - Sign Certificate

All that remains is to sign the certificate. You can set the validity period by replacing the number 365 in the following command with the desired number of days. In the following example, the certificate expires in a year.

~~~ {.bash}
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
~~~

The certificate is now ready.
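
Before installing the files, it is worth confirming that they are what nginx expects. The script below is an added example, not part of the original article: it checks that the key has no passphrase, matches the certificate, is long enough, is not about to expire, and is readable only by its owner. The function name `check_cert_pair` and the thresholds `MIN_BITS` and `MIN_DAYS` are assumptions of this example.

```bash
#!/bin/sh
# Added example: sanity-check server.crt / server.key from Steps 2-4 before nginx loads them.
# Usage: sh check_cert.sh /etc/nginx/ssl/server.crt /etc/nginx/ssl/server.key
# MIN_BITS and MIN_DAYS are thresholds assumed for this example, not values from the article.
MIN_BITS=2048
MIN_DAYS=30

check_cert_pair() {
    cert=$1; key=$2; rc=0

    # Step 3 removed the passphrase; an encrypted key makes nginx ask for it at every start.
    if grep -q -e 'BEGIN ENCRYPTED' -e 'Proc-Type: 4,ENCRYPTED' "$key"; then
        echo "FAIL: $key is still passphrase-protected"; return 1
    fi

    # The certificate must contain the public half of this exact private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not belong together"; rc=1
    fi

    # Key length as printed in the certificate text, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$MIN_BITS" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, want at least $MIN_BITS"; rc=1
    fi

    # -checkend exits non-zero if the certificate expires within the given number of seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((MIN_DAYS * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $MIN_DAYS days or cannot be read"; rc=1
    fi

    # Without a passphrase, file permissions are the only protection the key has.
    perms=$(ls -lL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group or others (expected mode 600)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# Run the checks when called with two arguments: certificate path, key path.
if [ "$#" -eq 2 ]; then check_cert_pair "$1" "$2"; fi
```

The function returns 0 only when every check passes, so it can gate the nginx restart in a deployment script.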

### Step 5 - Install the certificate

Now that we have prepared all the necessary components, we can configure our virtual host to use the certificate. Create a new file by copying the entire contents of the default virtual host configuration file (/etc/nginx/sites-available/default) into it. Replace “example” with any name you like:

~~~ {.bash}
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example
~~~

Now open this file:

~~~ {.bash}
sudo nano /etc/nginx/sites-available/example
~~~

Scroll down to the following lines:

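~~~ {.nginx}
# HTTPS server

server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive, which newer nginx releases no longer accept
    listen 443 ssl;
    server_name your_address;  # placeholder: your domain name or IP address

    root /usr/share/nginx/www;
    index index.html index.htm;

    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
}
~~~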

Uncomment the HTTPS server section and change its contents to match your setup. Set server_name to your own domain name or IP address, and set the correct path to your site (the file above contains the default nginx server settings).

Also make sure that the following lines are commented out:

~~~ {.nginx}
# Make site accessible from http://localhost/
# server_name localhost;
~~~

### Step 6 - Activate the virtual host

The final step is to activate the host. Create a link in the sites-enabled directory to the file in the sites-available directory:

~~~ {.bash}
sudo ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
~~~

Restart nginx:

~~~ {.bash}
sudo service nginx restart
~~~

Open the browser at https://your_address and you will see your self-signed certificate!