Self-signed certificates for nginx


#1

Does anyone know how to generate self-signed certificate for nginx?
maybe even with wildcard or for multiple subdomains?!

I mean the openssl command, if possible.

Thanks!


#2

Generate a private key:

openssl genrsa -des3 -out www.domain.com.ssl.key 1024

Create a CSR:

openssl req -new -key www.domain.com.ssl.key -out www.domain.com.ssl.csr
note: enter full domain (www.domain.com) for CN (common name)

Remove password from private key (optional):

openssl rsa -in www.domain.com.ssl.key -out
www.domain.com.ssl.key.nopass

Generate self-signed cert:

openssl x509 -req -days 365 -in www.domain.com.ssl.csr -signkey
www.domain.com.ssl.key -out www.domain.com.ssl.crt
note: use .nopass if you removed the password from the private key

Hope that helps. I’m not sure about generating a wildcard cert.

Nick


#3

On Feb 19, 2009, at 10:27 AM, Nick P. wrote:

Nick
Just to add that that there are many guides on doing this available on
the Web (ie. through a Google search).

A couple that are specific and detailed are:

http://www.urbanpuddle.com/articles/2008/10/14/a-quick-guide-to-ssl-on-nginx

http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx

  • johnk

#4

John Kemp wrote:

On Feb 19, 2009, at 10:27 AM, Nick P. wrote:

Nick
Just to add that that there are many guides on doing this available on
the Web (ie. through a Google search).

A couple that are specific and detailed are:

http://www.urbanpuddle.com/articles/2008/10/14/a-quick-guide-to-ssl-on-nginx

http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx

  • johnk

Thanks guys! It helped.


#5

One problems:

what does this mean?

2009/02/20 09:57:13 [info] 10201#0: *9 SSL_do_handshake() failed (SSL:
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca)
while reading client request line, client: