openssl req -x509 -newkey rsa:2048 -nodes \ -keyout private-key.pem -out certificate.pem \ -days 365 \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,DNS:example.local,IP:127.0.0.1"
openssl req -x509 -newkey rsa:2048 -nodes \ -keyout private-key.pem -out certificate.pem \ -days 365 \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,DNS:example.local,IP:127.0.0.1"
openssl req -x509 -newkey rsa:2048 -nodes \ -keyout private-key.pem -out certificate.pem \ -days 365 \ -subj "/CN=localhost" \ -addext "subjectAltName=DNS:localhost,DNS:example.local,IP:127.0.0.1"
sudo mkdir -p /etc/nginx/ssl
sudo cp certificate.pem /etc/nginx/ssl/
sudo cp private-key.pem /etc/nginx/ssl/
sudo chmod 600 /etc/nginx/ssl/private-key.pem
sudo chown root:root /etc/nginx/ssl/*
sudo mkdir -p /etc/nginx/ssl
sudo cp certificate.pem /etc/nginx/ssl/
sudo cp private-key.pem /etc/nginx/ssl/
sudo chmod 600 /etc/nginx/ssl/private-key.pem
sudo chown root:root /etc/nginx/ssl/*
sudo mkdir -p /etc/nginx/ssl
sudo cp certificate.pem /etc/nginx/ssl/
sudo cp private-key.pem /etc/nginx/ssl/
sudo chmod 600 /etc/nginx/ssl/private-key.pem
sudo chown root:root /etc/nginx/ssl/*
server { listen 443 ssl; server_name example.local; ssl_certificate /etc/nginx/ssl/certificate.pem; ssl_certificate_key /etc/nginx/ssl/private-key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /var/www/html; index index.html; }
} # Optional: redirect HTTP to HTTPS
server { listen 80; server_name example.local; return 301 https://$server_name$request_uri;
}
server { listen 443 ssl; server_name example.local; ssl_certificate /etc/nginx/ssl/certificate.pem; ssl_certificate_key /etc/nginx/ssl/private-key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /var/www/html; index index.html; }
} # Optional: redirect HTTP to HTTPS
server { listen 80; server_name example.local; return 301 https://$server_name$request_uri;
}
server { listen 443 ssl; server_name example.local; ssl_certificate /etc/nginx/ssl/certificate.pem; ssl_certificate_key /etc/nginx/ssl/private-key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { root /var/www/html; index index.html; }
} # Optional: redirect HTTP to HTTPS
server { listen 80; server_name example.local; return 301 https://$server_name$request_uri;
}
sudo nginx -t
sudo systemctl reload nginx
sudo nginx -t
sudo systemctl reload nginx
sudo nginx -t
sudo systemctl reload nginx
curl -kvI https://example.local/
curl -kvI https://example.local/
curl -kvI https://example.local/
openssl s_client -connect example.local:443 -servername example.local \ </dev/null 2>/dev/null | openssl x509 -text -noout
openssl s_client -connect example.local:443 -servername example.local \ </dev/null 2>/dev/null | openssl x509 -text -noout
openssl s_client -connect example.local:443 -servername example.local \ </dev/null 2>/dev/null | openssl x509 -text -noout - How to trust a self-signed certificate in Chrome
- Self-signed certificate for Apache
- RSA vs ECDSA: which to choose for self-signed certificates
