How to Install a self signed Certificate in NGINX

5 years ago 14

In this tutorial, we will show you how to install a self-signed SSL Certificate on Nginx for Ubuntu 14.04 When installed on a web server, it activates SSL encryption over port 443 and allows secure connections from the server to a browser.


This will install an SSL Certificate and configure it with NGINX, so having NGINX installed is required.


Step 1

Connect to your server via SSH

ssh [email protected]

Step 2

We create the directory that will hold our SSL Key and Certificate.

sudo mkdir /etc/nginx/ssl

Step 3

we create the SSL key and certificate by running:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/ssl.key -out /etc/nginx/ssl/ssl.crt

Step 4

Fill out all the prompts. Most importantly that line that requests the Common Name (e.g. server FQDN or YOUR name). You need to enter your domain name, Or you can enter the public IP address instead if you do not have one.

This is what your answers should look like:

Generating a 2048 bit RSA private key
writing new private key to '/etc/nginx/ssl/ssl.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Florida
Locality Name (eg, city) []:Jacksonville
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UbuntuBoss
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:[email protected]

Step 5

Now we will configure NGINX to use the newly generated SSL certificate.

We need to edit the NGINX config file

sudo nano /etc/nginx/sites-available/default

We need to uncomment the next items

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        ssl_certificate /etc/nginx/ssl/ssl.crt;
        ssl_certificate_key /etc/nginx/ssl/ssl.key;

        location / {
                try_files $uri $uri/ =404;

save and close the file with Control +X.

Now, Restart Nginx to apply your new settings with:

sudo service nginx restart

That’s it you now have an encrypted connection between the server and browser.Keep in mind that since this is a self-signed certificate you will see a notification on your browser warning that this is not a trusted certificate.