VHosts and Directives, Part 4: How to create and manage certificates in nginx

How to create and manage ssl certificates in nginx

In this tutorial we will learn how to create and manage ssl certificates in nginx

1.) Create ssl directory

cd /etc/nginx/
mkdir ssl
cd ssl

2.) Generate server key

openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

3.) Create Certificate Signing Request

openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:TX
Locality Name (eg, city) [Default City]:texas
Organization Name (eg, company) [Default Company Ltd]:text
Organizational Unit Name (eg, section) []:localhost
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:local

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

4.) Remove pass phrase from a key

openssl rsa -in server.key -out server.key.org
Enter pass phrase for server.key:
writing RSA key
mv server.key.org server.key

5.) Create Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
Getting Private key

6.) Edit Configuration file

cd ../vhost.d vim www.myexample.local.conf add following code Server { listen 443; root /var/www/html/myexample; index index.html index.htm index.php; server_name www.myexample.local myexample; ssl on; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; }

7.) Use following command to make sure that you haven’t made any typos or added any invalid entries.

nginx -t

8.) Restart the Service

systemctl restart nginx.service

9.) Visit url with https

lynx https://www.myexample.local

10.) Video Tutorial

That’s all for now. Have questions, post them in the comments.

Add Comment