#!/bin/bash | |
echo "Generating an SSL private key to sign your certificate..." | |
openssl genrsa -des3 -out myssl.key 1024 | |
echo "Generating a Certificate Signing Request..." | |
openssl req -new -key myssl.key -out myssl.csr | |
echo "Removing passphrase from key (for nginx)..." | |
cp myssl.key myssl.key.org | |
openssl rsa -in myssl.key.org -out myssl.key | |
rm myssl.key.org | |
echo "Generating certificate..." | |
openssl x509 -req -days 365 -in myssl.csr -signkey myssl.key -out myssl.crt | |
echo "Copying certificate (myssl.crt) to /etc/ssl/certs/" | |
mkdir -p /etc/ssl/certs | |
cp myssl.crt /etc/ssl/certs/ | |
echo "Copying key (myssl.key) to /etc/ssl/private/" | |
mkdir -p /etc/ssl/private | |
cp myssl.key /etc/ssl/private/ |
This comment has been minimized.
This comment has been minimized.
thanks you both for this, generating/using certificates is really a pain :/ |
This comment has been minimized.
This comment has been minimized.
The command below seems to work just fine for me and is just a one liner. Any comments?
You can automate the questions in a script:
|
This comment has been minimized.
This comment has been minimized.
@tvlooy - works for me, though on centos it seems the private directory is not there by default. presumably some distros may not have either so i put a small tweak of.. mkdir -p /etc/ssl/private && mkdir -p /etc/ssl/certs && openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl/private/site_name.key -out /etc/ssl/certs/site_name.crt OR mkdir -p /etc/ssl/private && openssl req -x509 -nodes -days 365 -newkey rsa:4096 SiteName Admin Portal EOF |
This comment has been minimized.
This comment has been minimized.
On Ubuntu there is no permissions into /etc/ssl/private, However I make it works in /etc/nginx/ssl. |
This comment has been minimized.
This comment has been minimized.
One step (if use Ubunut 16.04 /etc/ssl exists. If not use you feel free to add create dir) |
This comment has been minimized.
This comment has been minimized.
hi.. It is a very good gist... I am using nginx on AWS and followed these instructions. But unable to access https://<>. Any suggestions pls. Note: i have enabled my AWS security group to listen to 443 as well. |
This comment has been minimized.
This comment has been minimized.
I love this article. The self-signing process worked perfectly immediately. @slava-vishnyakov provided a wonderfully useful snippet for the nginx configuration file. BUT... I don't know if things have changed in the years since he or she wrote it but, it has one tiny imperfection that resulted in an error (ssl_error_rx_record_too_long) in the browser. Use this instead.. server { Just add the "ssl" to the listen parameters. With that, this article becomes one of the most instantly useful I've ever seen. Thanks to all of you. |
This comment has been minimized.
This comment has been minimized.
As to the Nginx configuration, I got a warning I just removed the In other words, it should be something like this:
|
This comment has been minimized.
This comment has been minimized.
Good morning, is it necessary to have a domain to apply this method of generating ssl self-signed certificate? Because in my company it is handled is url type https://10.164.7.203:37006/PruebaHTTPS |
This comment has been minimized.
This comment has been minimized.
If someone got the next error:
You have to change the length of your certificate from |
This comment has been minimized.
Thanks! That's very useful!
Just for future reference: here's how to attach it to nginx
EDIT: (updated, taking into consideration discussion below)