Add self-signed certificate for nginx server
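#!/bin/bash
##########
#
# Generate a private key, a certificate signing request and a self-signed
# certificate for a single host name.
#
# Run on the command line like this:
#
#   genselfcert full.domain.com
#
# Output: full.domain.com.key, full.domain.com.csr and full.domain.com.crt
# in the current directory.
#
# This is tested on CentOS 6.x, but might work similarly on other OS installations
#
##########

set -euo pipefail

if [[ $# -ne 1 || -z "$1" ]]; then
  printf 'Usage: %s full.domain.com\n' "${0##*/}" >&2
  exit 2
fi

domain="$1"

# The name is reused in file names, in the certificate subject and in the
# extension data passed to openssl, so accept host-name characters only
# (with an optional leading "*." for a wildcard name).
hostname_re='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$domain" =~ $hostname_re ]]; then
  printf 'genselfcert: not a valid host name: %s\n' "$domain" >&2
  exit 2
fi

cn="$domain"
key="$domain.key"
csr="$domain.csr"
crt="$domain.crt"

# Generate a key
# The subshell umask creates the private key readable by its owner only,
# instead of relying on whatever umask the caller happens to have.
( umask 077; openssl genrsa -out "$key" 2048 )

# Generate a certificate signing request
# -subj supplies the COMMON NAME (the same as full.domain.com) so openssl does
# not prompt; the value must start with "/" or openssl rejects the subject.
openssl req -new -key "$key" \
  -subj "/CN=$cn" \
  -out "$csr" \
  -sha512

# Create the certificate
# Current browsers match the host name against subjectAltName rather than the
# common name, so the same name is also written as a SAN entry.
openssl x509 -req -days 365 -in "$csr" \
  -signkey "$key" \
  -out "$crt" \
  -sha512 \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "$cn")

# In the nginx *.conf file for the server, add the following lines
# ("listen 443 ssl;" replaces the older "listen 443;" + "ssl on;" pair, which
# current nginx releases no longer accept)
#   listen 443 ssl;
#   ssl_certificate /etc/nginx/ssl/full.domain.com.crt;
#   ssl_certificate_key /etc/nginx/ssl/full.domain.com.key;
#   server_name full.domain.com;
# Keep the .key file readable by root only; nginx reads it before dropping
# privileges.

# Install the certificate at the end-user location (so the browser doesn't yell at you)
# On your computer, install the certificate in Trusted Root Certification Authorities
#   Start > Run...
#   certmgr.msc
#   Find your cert under Trusted Root Certification Authorities > Certificates
#   Right-click > Properties
#   Select 'Enable all purposes for this certificate'
# NOTE(review): 'Enable all purposes' trusts this certificate for more than
# HTTPS. 'Enable only the following purposes' with just Server Authentication
# ticked is enough for a web server and keeps the trust narrower. Install only
# the .crt on client machines; the .key never leaves the server.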
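##########
#
# Manual steps for a self-signed certificate served by nginx.
#
# Replace full.domain.com with your domain
#
# This is tested on CentOS 6.x, but might work similarly on other OS installations
#
##########

# Generate a key
# The subshell umask creates the private key readable by its owner only,
# whatever the umask of the current shell is.
( umask 077; openssl genrsa -out "/etc/nginx/ssl/full.domain.com.key" 2048 )

# Generate a certificate signing request
# The only answer you are REQUIRED to give for this command is COMMON NAME, which is the same as full.domain.com
openssl req -new -key "/etc/nginx/ssl/full.domain.com.key" \
  -out "/etc/nginx/ssl/full.domain.com.csr" \
  -sha512

# Create the certificate
# Current browsers match the host name against subjectAltName rather than the
# common name, so the domain is also written as a SAN entry; keep it identical
# to the COMMON NAME entered above.
openssl x509 -req -days 365 -in "/etc/nginx/ssl/full.domain.com.csr" \
  -signkey "/etc/nginx/ssl/full.domain.com.key" \
  -out "/etc/nginx/ssl/full.domain.com.crt" \
  -sha512 \
  -extfile <(printf 'subjectAltName=DNS:%s\n' "full.domain.com")

# In the nginx *.conf file for the server, add the following lines
# (these are nginx directives, not shell commands; "listen 443 ssl;" replaces
# the older "listen 443;" + "ssl on;" pair, which current nginx releases no
# longer accept)
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/full.domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/full.domain.com.key;
server_name full.domain.com;

# Install the certificate at the end-user location (so the browser doesn't yell at you)
# On your computer, install the certificate in Trusted Root Certification Authorities
#   Start > Run...
#   certmgr.msc
#   Find your cert under Trusted Root Certification Authorities > Certificates
#   Right-click > Properties
#   Select 'Enable all purposes for this certificate'
# NOTE(review): 'Enable all purposes' trusts this certificate for more than
# HTTPS. 'Enable only the following purposes' with just Server Authentication
# ticked is enough for a web server and keeps the trust narrower. Install only
# the .crt on client machines; the .key never leaves the server.

# More info and original source: https://serversforhackers.com/self-signed-ssl-certificates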