Creating a self-signed certificate (issued by your own private CA) that covers multiple domains and wildcard names, for use with nginx
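#!/usr/bin/env bash
# Create a private root CA and a multi-domain / wildcard server certificate for nginx.
#
# The root CA certificate (rootCA.pem) is imported into your browser(s) once; every
# certificate it signs is then trusted automatically. Requires openssl and nginx.
# Must run as root (the original recipe did `sudo su`); it writes under /etc/nginx.
set -euo pipefail

[[ ${EUID} -eq 0 ]] || { printf 'run as root (sudo %s)\n' "$0" >&2; exit 1; }

cd /etc/nginx
mkdir -p sslmulti
cd sslmulti

# Private keys must never be world-readable. Restrict everything created below to
# root; the public artefacts (rootCA.pem, server.crt) are opened up again at the end.
umask 077

# Validity in days. The CA can be long-lived. Keep the leaf short: Apple platforms
# reject server certificates valid for more than 825 days even from a private CA, and
# 398 days (the public-CA limit) is a safe default for every current browser.
CA_DAYS=1024
CERT_DAYS=398

# --- 1. Root CA.
# NOTE: whoever holds rootCA.key can mint a trusted certificate for ANY hostname on
# every machine that imported rootCA.pem. Sign the leaf, then move rootCA.key off the
# web server (or at least out of /etc/nginx); nginx never needs it at runtime.
# -sha256 avoids a SHA-1 signature on older OpenSSL releases (browsers reject SHA-1).
[[ -e rootCA.key ]] || openssl genrsa -out rootCA.key 4096
[[ -e rootCA.pem ]] || openssl req -x509 -new -nodes -sha256 -key rootCA.key \
  -days "${CA_DAYS}" -out rootCA.pem
# You can import rootCA.pem into your browser now (import it as a *CA*, not as a site cert).

# --- 2. Server key + CSR.
# The CN you type at the prompt is ignored by modern browsers; only the subjectAltName
# list in step 3 decides which hostnames this certificate is valid for.
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key -out server.csr

# --- 3. Extensions: edit the DNS: list to match your domains.
# A wildcard matches exactly one label: *.yourdomain.com covers a.yourdomain.com but
# neither a.b.yourdomain.com nor the bare yourdomain.com, hence the separate entry.
# CA:FALSE / serverAuth mark this as a leaf cert so it cannot itself sign others.
cat > extcert <<'EOF'
subjectAltName=DNS:yourdomain.com,DNS:*.yourdomain.com,DNS:other.domain.com
basicConstraints=CA:FALSE
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
EOF

# --- 4. Sign the CSR with the CA.
openssl x509 -req -sha256 -days "${CERT_DAYS}" -in server.csr \
  -CA rootCA.pem -CAkey rootCA.key -CAcreateserial \
  -out server.crt -extfile extcert

# Keys stay root-only; certificates are public and may be copied to clients.
chmod 600 server.key rootCA.key
chmod 644 server.crt rootCA.pem

# --- 5. nginx: add/update the following in /etc/nginx/sites-enabled/<your_site_conf_file>
#
#   server {
#       ...
#       listen 443 ssl;
#       ...
#       ssl_certificate     /etc/nginx/sslmulti/server.crt;
#       ssl_certificate_key /etc/nginx/sslmulti/server.key;
#       # TLS 1.0 and 1.1 are deprecated (RFC 8996) and were removed from the original
#       # list. TLSv1.3 needs nginx >= 1.13 built against OpenSSL >= 1.1.1; drop it if
#       # your build is older.
#       ssl_protocols TLSv1.2 TLSv1.3;
#       ssl_prefer_server_ciphers on;
#       # RC4 was removed from the original list: it is prohibited for TLS (RFC 7465).
#       # (This directive only governs TLS 1.2 and below; TLS 1.3 suites are fixed.)
#       ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
#       ...
#   }

# --- 6. Validate the config before restarting so a typo does not take the site down.
nginx -t
service nginx restart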