In this tutorial, we will show you how to install a self-signed SSL Certificate on Nginx for Ubuntu 14.04 When installed on a web server, it activates SSL encryption over port 443 and allows secure connections from the server to a browser.
Note
This will install an SSL Certificate and configure it with NGINX, so having NGINX installed is required.
Install
Step 1
Connect to your server via SSH
ssh [email protected]
Step 2
We create the directory that will hold our SSL Key and Certificate.
sudo mkdir /etc/nginx/ssl
Step 3
we create the SSL key and certificate by running:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/ssl.key -out /etc/nginx/ssl/ssl.crt
Step 4
Fill out all the prompts. Most importantly that line that requests the Common Name (e.g. server FQDN or YOUR name). You need to enter your domain name, Or you can enter the public IP address instead if you do not have one.
This is what your answers should look like:
Generating a 2048 bit RSA private key
.................................+++
..................+++
writing new private key to '/etc/nginx/ssl/ssl.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Florida
Locality Name (eg, city) []:Jacksonville
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UbuntuBoss
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:ubuntuboss.com
Email Address []:[email protected]
Step 5
Now we will configure NGINX to use the newly generated SSL certificate.
We need to edit the NGINX config file
sudo nano /etc/nginx/sites-available/default
We need to uncomment the next items
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
listen 443 ssl;
root /usr/share/nginx/html;
index index.html index.htm;
server_name your_domain.com;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
location / {
try_files $uri $uri/ =404;
}
}
save and close the file with Control +X.
Now, Restart Nginx to apply your new settings with:
sudo service nginx restart
That’s it you now have an encrypted connection between the server and browser.Keep in mind that since this is a self-signed certificate you will see a notification on your browser warning that this is not a trusted certificate.