Using HTTPS with self-signed certificate in nginx

I recently needed to enable https support on a nginx server, using self-signed certificates. This is roughly the procedure I followed to:

  • Create a CA siging certificate
  • Create a delegate CA certificate for the actual signing
  • Generate a certificate signing request
  • Sign the request generating the final certificate

Generating the CA certificate

First of all, generate the master CA certificate:

# Create the CA key
openssl genrsa -des3 -out ca.orig.key 4096

# Remove passphrase from CA key (optional)
openssl rsa -in ca.orig.key -out ca.key

# Create certificate (will create signing request + sign it)
openssl req -new -x509 -days ...

Page 1 / 1