Generate and Configure Self-Signed SSL Certificate on Nginx


NGINX, an open source, high-performance HTTP server,  reverse proxy, and IMAP/POP3 proxy server, has gained popularity as a load balancer.


OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. OpenSSL used to generate self-signed certificates which can be used for testing purposes or internal usage. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is  readable as ASCII text.



Step-1):- Install ngnix first :  //if you had already install then ignore this step

$ sudo apt-get install nginx

Step-2):- Install and generate openSSL certificate : –

    a.) Install openSSL : –

 $ sudo apt-get install openssl

// To check weather it is install or not, type “which openssl” on terminal if you get “/usr/bin/openssl” then openSSL is install successfully

    b.) Generate SSL certificate at /etc/ssl :-

$ cd /etc/ssl
$ sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ sudo openssl rsa -passin pass:x -in server.pass.key -out server.key
$ sudo rm server.pass.key
$ sudo openssl req -new -key server.key -out server.csr     //fill details of ssl
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out   server.crt

Step-3):- Add following line to sites-available of Nginx: –

        $ sudo nano /etc/nginx/sites-available/default

server {
    listen 80;
         server_name YOUR_SERVER_DOMAIN_NAME_OR_IP;
         return 301 https: //$host$request_uri;
server {
      listen 8080;
      listen 443 ssl;

      server_name  YOUR_SERVER_DOMAIN_NAME_OR_IP;

      ssl_certificate /etc/ssl/server.crt;
      ssl_certificate_key /etc/ssl/server.key;
      ssl_session_timeout 5 m;
      ssl_protocols SSLv3 TLSv1 TLSv1 .1 TLSv1 .2;
      ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
      ssl_prefer_server_ciphers on;
      access_log /var/log/nginx/access.log;
      error_log /var/log/nginx/error.log;

location / {
            proxy_pass http://localhost:3000;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;

Step-4):- Save and restart Nginx –

 $ sudo service nginx restart


Reference : –

One thought on “Generate and Configure Self-Signed SSL Certificate on Nginx

  • July 6, 2016 at 11:09 am



Leave a Reply

Your email address will not be published. Required fields are marked *