Create a Self Signed SSL Certificate on Nginx for Ubuntu 14.04

SSL Self Signed Nginx Ubuntu Certificate Security OpenSSL


SSL stands for Secure Sockets Layer. An SSL certificate encrypts the data that is sent and received by the client without the possibility of someone reading the data in the middle, mostly known as man in the middle attacks.

In this tutorial, we will create a self-signed SSL certificate for Nginx. While using a self-signed SSL certificate is secure and encrypts the data between the server and the client, we highly suggest that you purchase an SSL certificate from a trusted SSL certificate provider.

Installing Nginx

If you don't already have Nginx installed, you can use the following command to install Nginx using Ubuntu Apt-get.

# sudo apt-get update
# sudo apt-get install nginx

Generating the SSL Certificate

First, we need to create a directory to store the SSL certificates.

# sudo mkdir /etc/nginx/ssl

Now we will use the OpenSSL package that comes pre-installed with Ubuntu 14.04 to create the SSL certificates.

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/ssl.key -out /etc/nginx/ssl/ssl.crt

The above command will generate a 2048-bit private key and the SSL certificate that will be valid for 365 days.

Now you will be asked to answer few questions. It is important that you set the Common Name option appropriately, you need to enter the domain name or the public IP address if you do not have a domain.

Configuring Nginx

We need to edit the default configuration for Nginx to use the SSL certificate we generated. In this tutorial we will use vim to edit the configuration file, you can use your preferred text editor to edit the file below.

# sudo vim /etc/nginx/sites-available/default

You need to add the lines below to your default configuration below the line listen [::]:80 default ipv6only=on;.

listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/ssl.crt;
ssl_certificate_key /etc/nginx/ssl/ssl.key;
ssl_protocols SSLv3 TLSv1;

Once done, it should look similar to this:

server {
        listen   80; ## listen for ipv4; this line is default and implied
        listen   [::]:80 default ipv6only=on; ## listen for ipv6

        listen 443;
        ssl on;
        ssl_certificate /etc/nginx/ssl/ssl.crt;
        ssl_certificate_key /etc/nginx/ssl/ssl.key;
        ssl_protocols SSLv3 TLSv1;

        root /usr/share/nginx/www;
        index index.html index.htm;

        location / {
                try_files $uri $uri/ /index.html;

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                deny all;

Save and exit when you are done editing the file. 

Now let's restart Nginx to load our new configuration:

# sudo service nginx restart

All done! Now you can visit your site using the following URL:

Make sure that you allow HTTPS protocol and port 443 If you are using a firewall.

You will get a warning saying the security certificate is not trusted since we self-signed the SSL certificate, click continue or proceed anyway button to continue to your website. 

    No comments found for this tutorial, be the first to leave a comment!

Last updated on
Jun 13, 2015