Forum: NGINX Self-signed certificates for nginx

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Robert G. (Guest)
on 2009-02-19 17:11
Does anyone know how to generate self-signed certificate for nginx?
maybe even with wildcard or for multiple subdomains?!

I mean the openssl command, if possible.

Thanks!
Nick P. (Guest)
on 2009-02-19 17:37
(Received via mailing list)
Generate a private key:

openssl genrsa -des3 -out www.domain.com.ssl.key 1024

Create a CSR:

openssl req -new -key www.domain.com.ssl.key -out www.domain.com.ssl.csr
*note: enter full domain (www.domain.com) for CN (common name)*

Remove password from private key (optional):

openssl rsa -in www.domain.com.ssl.key -out
www.domain.com.ssl.key.nopass

Generate self-signed cert:

openssl x509 -req -days 365 -in www.domain.com.ssl.csr -signkey
www.domain.com.ssl.key -out www.domain.com.ssl.crt
*note: use .nopass if you removed the password from the private key*

Hope that helps.  I'm not sure about generating a wildcard cert.

Nick
John Kemp (Guest)
on 2009-02-19 17:57
(Received via mailing list)
On Feb 19, 2009, at 10:27 AM, Nick P. wrote:

>
> Nick
Just to add that that there are many guides on doing this available on
the Web (ie. through a Google search).

A couple that are specific and detailed are:

http://www.urbanpuddle.com/articles/2008/10/14/a-q...

http://articles.slicehost.com/2007/12/19/ubuntu-gu...

- johnk
Robert G. (Guest)
on 2009-02-20 11:26
John Kemp wrote:
> On Feb 19, 2009, at 10:27 AM, Nick P. wrote:
>
>>
>> Nick
> Just to add that that there are many guides on doing this available on
> the Web (ie. through a Google search).
>
> A couple that are specific and detailed are:
>
> http://www.urbanpuddle.com/articles/2008/10/14/a-q...
>
> 
http://articles.slicehost.com/2007/12/19/ubuntu-gu...
>
> - johnk

Thanks guys! It helped.
Robert G. (Guest)
on 2009-02-20 12:01
One problems:

what does this mean?

2009/02/20 09:57:13 [info] 10201#0: *9 SSL_do_handshake() failed (SSL:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca)
while reading client request line, client:
This topic is locked and can not be replied to.