Official Power Up Hosting Blog

Everything about Linux, Windows, and hosting ;)

Selvakumar
Author

I am an Online Marketer and technology lover. I like to learn new things and share that with people.


How To Create Nginx SSL Certificate for Ubuntu 14.04 (Self Signed Certificate)

Selvakumar

Introduction

TLS and SSL are both used to encrypt the traffic between the server and the user.

It is very important to encrypt the traffic so that attackers cannot intrude on it.

You can create a self-signed SSL certificate for the Nginx server to encrypt the traffic.

This certificate won't validate the identity of the server.

It only encrypts the traffic between the server and the user.

Since this is a self-signed certificate and not one issued by a certificate authority that browsers trust, the browser will show a warning to the user.

With SSL in place, the traffic itself is protected in transit.

No one can easily intercept the traffic and read your messages. Let us see the requirements for creating an Nginx SSL certificate.

Prerequisites

  • You should have Ubuntu 14.04 server configured with a sudo non-root user.

  • You should also have the LEMP stack installed on your Ubuntu 14.04 server.

  • Alternatively, you can install only the Nginx server on Ubuntu instead of the full LEMP stack.

Let us see the Nginx SSL Setup procedures.

Install Nginx

If you have not installed Nginx on your server, use the below command to install Nginx on Ubuntu server.

sudo apt-get update
sudo apt-get install nginx

Creating the SSL Certificate

We will create a directory to hold all the SSL certificates and related files.

This SSL directory will be created under the Nginx configuration directory.

Use the below command to create the directory.

sudo mkdir /etc/nginx/ssl

We have the directory now, and our next task is to create the SSL certificate and key.

Use the openssl command below for that.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Let us see the parts of the above command line.

openssl:

This is the basic command line tool used to create OpenSSL certificates, keys and other files.

req:

This subcommand specifies that we want to use X.509 Certificate Signing Request (CSR) management.

X.509 is a standard for Public Key Infrastructure, and SSL and TLS follow it for their key and certificate management.

We will use this subcommand to create a new X.509 certificate.

-x509:

This option modifies the previous subcommand: it tells the utility that we want to generate a self-signed certificate instead of generating a CSR.

-nodes:

This option instructs OpenSSL to skip securing the private key with a passphrase.

Nginx should be able to read the file without user intervention every time the server starts.

If we use a passphrase, we have to enter it every time the server starts.

Because the key is then stored unencrypted, access to the key file has to be restricted through file permissions.

-days 365:

This option sets how long the certificate is considered valid.

Here, we set it to one year.

-newkey rsa:2048:

This option indicates that a new key has to be generated along with the certificate.

We have not created any key in a previous step, so rsa:2048 instructs OpenSSL to generate an RSA key that is 2048 bits long.

-keyout:

This option tells OpenSSL where to place the generated private key file.

-out:

This option tells OpenSSL where to place the certificate.

This command will create the SSL certificate and key file and store them in the given locations.

You will be asked a few questions, and you have to answer them appropriately.

You have to set the correct name when you are prompted for the Common Name.

Enter the domain name you wish to use for the server.

The prompt will look like this one.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:admin@your_domain.com

The SSL files will be created and stored in /etc/nginx/ssl.
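A non-interactive version of the command above with checks on its result, as an added example that is not part of the original article: it restricts access to the unencrypted key, confirms that key and certificate belong together, and reports the fingerprint and remaining validity. The throwaway directory, the -subj values and the function names are assumptions chosen for illustration; on the server the files live in /etc/nginx/ssl.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Directory and CN are sample values.

# Create key + self-signed cert in dir $1 for Common Name $2, using the article's
# options; -subj answers the interactive prompts.
make_self_signed() {
    local dir="$1" cn="$2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=US/ST=New York/L=New York City/CN=$cn" \
        -keyout "$dir/nginx.key" -out "$dir/nginx.crt" 2>/dev/null || return 1
    # -nodes leaves the key unencrypted: file permissions are its only protection.
    chmod 600 "$dir/nginx.key"
}

# Succeed only if private key $1 belongs to certificate $2 (same public key).
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Succeed if certificate $1 is still valid $2 days from now (renewal check).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# SHA-256 fingerprint of certificate $1, e.g. to compare with the browser's view.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Octal permission bits of a file (GNU stat).
file_mode() { stat -c '%a' "$1"; }

# Demo in a throwaway directory rather than /etc/nginx/ssl.
demo=$(mktemp -d)
make_self_signed "$demo/ssl" your_domain.com
key_matches_cert "$demo/ssl/nginx.key" "$demo/ssl/nginx.crt" && echo "key matches certificate"
echo "key mode:    $(file_mode "$demo/ssl/nginx.key")"
echo "fingerprint: $(cert_fingerprint "$demo/ssl/nginx.crt")"
valid_for_days "$demo/ssl/nginx.crt" 30 || echo "expires within 30 days: renew"
rm -rf "$demo"
```

The fingerprint is the value to compare against the certificate details the browser displays for the site, since a self-signed certificate has no CA vouching for it.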

Nginx Configuration

Now we have the SSL certificate and key files stored in the Nginx configuration directory.

We have to configure our Nginx server block to make use of the certificate.

For that, we have to adjust the configuration. We can enable SSL directly in the same server block that handles HTTP traffic.

This way, Nginx serves both HTTP and HTTPS from the same server block.

If you open the server block, it will look like the following. Now, let us see the Nginx HTTPS configuration details.

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.html index.htm;

    server_name your_domain.com;

    location / {
            try_files $uri $uri/ =404;
    }
}

Add the SSL listen and certificate lines so that the block looks like the following.

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    listen 443 ssl;

    root /usr/share/nginx/html;
    index index.html index.htm;

    server_name your_domain.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
            try_files $uri $uri/ =404;
    }
}

Once you are done with the above steps, just save and close the file.

Then restart the Nginx server for the changes to take effect.

sudo service nginx restart

These changes will allow both HTTP and SSL-encrypted traffic.

Test the Setup

Now, the traffic between the client and server will be encrypted, but you should confirm that by testing.

First, check the server by visiting http://your_domain.com

This is to check whether the server can work on HTTP.

If you have hosted a website, you will see your website. If there is no website, you will see the Nginx welcome page saying

Welcome to nginx!

If you get this message, it means the server is responding to HTTP requests.

Now, let us check whether the server is responding to HTTPS requests.

https://your_domain.com

You should get a warning message.

The site's security certificate is not trusted!

You get this message because you are using a self-signed certificate, which is not issued by a Certificate Authority that the browser trusts.

Click on Proceed anyway.

Now, you should see the page saying

Welcome to nginx!

To see more information, click on the https in the address bar.

You will see a red mark on the https in the address bar, as the certificate is not from a CA that the browser trusts.

You can see all the certificate information.

Conclusion

Now, you have learned how to create an SSL Certificate on Nginx.

You can follow this article to create an SSL certificate from Let's Encrypt.

Let's Encrypt is a trusted certificate authority.

You can install it on Nginx through nginx letsencrypt docker and the letsencrypt nginx plugin.

If you have any doubt about executing the commands, let us know in the comment section.

Also, sign up for our upcoming tutorials.
