NGINX – SSL Certificate Setup

Create the Server Key and Certificate Signing Request
Start off by creating the 1024 rsa private key.

sudo openssl genrsa -des3 -out /etc/nginx/conf.d/i90runner.key 1024
sudo openssl req -new -key /etc/nginx/conf.d/i90runner.key -out /etc/nginx/conf.d/i90runner.csr

Remove the Passphrase

sudo cp /etc/nginx/conf.d/i90runner.key /etc/nginx/conf.d/
sudo openssl rsa -in /etc/nginx/conf.d/ -out /etc/nginx/conf.d/i90runner.key

Sign your SSL Certificate

sudo openssl x509 -req -days 1000 -in /etc/nginx/conf.d/i90runner.csr -signkey /etc/nginx/conf.d/i90runner.key -out /etc/nginx/conf.d/i90runner.crt

Set Up the Certificate

 sudo vim virtual.conf
 sudo sudo service nginx restart
NGINX config Server Block :
  server {
        listen       443;

        ssl                  on;
        ssl_certificate      i90runner.crt;
        ssl_certificate_key  i90runner.key;
        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;

        location / {
            root   /xxx/share/nginx/xxx/kaizen;
            index  index.html index.htm index.php;

Command History :

1001 sudo openssl genrsa -des3 -out /etc/nginx/conf.d/i90runner.key 1024
1002 sudo openssl req -new -key /etc/nginx/conf.d/i90runner.key -out /etc/nginx/conf.d/i90runner.csr
1003 sudo cp /etc/nginx/conf.d/i90runner.key
1004 sudo cp /etc/nginx/conf.d/i90runner.key /etc/nginx/conf.d/
1005 sudo openssl rsa -in /etc/nginx/conf.d/ -out /etc/nginx/conf.d/i90runner.key
1006 sudo openssl x509 -req -days 1000 -in /etc/nginx/conf.d/i90runner.csr -signkey /etc/nginx/conf.d/i90runner.key -out /etc/nginx/conf.d/i90runner.crt

1007 cp conf.d/i90runner.key i90runner.key
1008 sudo cp conf.d/i90runner.key i90runner.key
1009 sudo cp conf.d/i90runner.crt i90runner.crt
1010 ls
1011 sudo chown nginx i90runner.*
1012 ls -l
1013 ls
1014 sudo vim nginx.conf
1015 cd conf.d/
1018 sudo vim virtual.conf
1019 sudo sudo service nginx restart

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *