1. Install Nginx HTTP Web Server
If you don’t already have Nginx HTTP Server installed, the commands below can help you install it on Ubuntu 16.04 or 18.04… Just copy and paste each line and run it.
sudo apt update
sudo apt install nginx
2. Creating Self-signed Certificates
Run the command below to generate the server private key and a self-signed SSL/TLS certificate for the example.com domain you’ll be using.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/example.com.key -out /etc/ssl/certs/example.com.crt
After running the command above, you’ll be prompted to answer a few questions about the certificate you’re generating. Answer them to complete the process.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Paris
Locality Name (eg, city) []:Brookly
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company
Organizational Unit Name (eg, section) []:SSL Unit
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: LEAVE BLANK
Finally, the private key is stored as example.com.key in the /etc/ssl/private/ folder and the certificate as example.com.crt in the /etc/ssl/certs/ folder, as defined on the command line above.
3. Installing the certificates
After generating the certificate, the next step is to reference it in the Nginx server configuration. To do that, open the Nginx config file and add the lines shown below…
sudo nano /etc/nginx/sites-available/default
Then reference the certificate files in Nginx configuration as shown below:
Uncomment these lines:
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
ssl_protocols TLSv1.2;  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
And add the following two lines:
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
Save the file and close out.
After making the changes above, run the command below to test your settings.
sudo nginx -t
If you don’t see any error messages, you’re good. Restart the Nginx web server by running the command below.
sudo systemctl restart nginx
Finally, you can browse to the server domain using https in your browser. You’ll get a certificate warning because the certificate is self-signed.
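The certificate and key from step 2 can also be checked with openssl before Nginx loads them. The script below is an added example, not part of the original tutorial: it confirms that the key belongs to the certificate, that the certificate is valid for the host name, and that it is not about to expire. The function names and the 30-day threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on a certificate/key pair before nginx loads it.

# Constructed sample input: throwaway self-signed pair for host $2 in directory $1.
make_demo_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Succeeds when the certificate's public key is the one derived from the private key.
pair_matches() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is valid for host name $2 (SAN, else Common Name).
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Succeeds when the certificate is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# preflight CERT KEY HOST: run every check, report each failure, return 1 on any.
preflight() {
    local rc=0
    pair_matches "$1" "$2" || { echo "FAIL: private key does not match certificate"; rc=1; }
    host_matches "$1" "$3" || { echo "FAIL: certificate is not valid for $3"; rc=1; }
    valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return "$rc"
}

# With CERT KEY HOST arguments, check real files; otherwise demo on a constructed pair.
if [ "$#" -eq 3 ]; then
    preflight "$@"
else
    demo=$(mktemp -d)
    make_demo_pair "$demo" example.com &&
        preflight "$demo/example.com.crt" "$demo/example.com.key" example.com &&
        echo "demo pair passed all checks"
    rm -rf "$demo"
fi
```

Pass the certificate path, key path and host name from step 2 as arguments to check the real files; reading /etc/ssl/private requires root.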