-
-
Save jessedearing/2351836 to your computer and use it in GitHub Desktop.
Create self-signed SSL certificate for Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
echo "Generating an SSL private key to sign your certificate..." | |
openssl genrsa -des3 -out myssl.key 1024 | |
echo "Generating a Certificate Signing Request..." | |
openssl req -new -key myssl.key -out myssl.csr | |
echo "Removing passphrase from key (for nginx)..." | |
cp myssl.key myssl.key.org | |
openssl rsa -in myssl.key.org -out myssl.key | |
rm myssl.key.org | |
echo "Generating certificate..." | |
openssl x509 -req -days 365 -in myssl.csr -signkey myssl.key -out myssl.crt | |
echo "Copying certificate (myssl.crt) to /etc/ssl/certs/" | |
mkdir -p /etc/ssl/certs | |
cp myssl.crt /etc/ssl/certs/ | |
echo "Copying key (myssl.key) to /etc/ssl/private/" | |
mkdir -p /etc/ssl/private | |
cp myssl.key /etc/ssl/private/ |
Good morning, is it necessary to have a domain to apply this method of generating ssl self-signed certificate?
Because in my company it is handled is url type https://10.164.7.203:37006/PruebaHTTPS
If someone got the next error:
# nginx -t
nginx: [emerg] SSL_CTX_use_certificate("/etc/ssl/certs/myssl.crt") failed (SSL: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small)
nginx: configuration file /etc/nginx/nginx.conf test failed
You have to change the length of your certificate from rsa:1024
to rsa:2048
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As to the Nginx configuration, I got a warning
nginx: [warn] the "ssl" directive is deprecated, use the "listen ... ssl" directive instead in /usr/local/etc/nginx/sites-enabled/local.mysite.com:8
I just removed the
ssl on;
part and the warning is gone.In other words, it should be something like this: