How to generate self signed ssl
Introduction: Understanding SSL Certificates and Their Significance in the Modern Web
An SSL certificate is a digital document that verifies the authenticity of a website and ensures a secure connection between the server and the user's browser. SSL stands for Secure Sockets Layer, a security protocol for establishing an encrypted connection on the Internet.
When a website uses an SSL certificate, the abbreviation HTTPS appears in the browser's address bar, signifying a "secure" version of the HTTP protocol. Unlike plain HTTP, HTTPS ensures that all information transmitted between the web server and browser is encrypted and protected from unauthorized access. The presence of a padlock icon in the address bar also informs users about the security of the site and enhances their trust.
For businesses, it's important to realize that SSL certificates are necessary not only for protecting user data but also for complying with modern internet security standards. Most modern web browsers actively warn users about the potential insecurity of sites operating under the HTTP protocol without an SSL certificate, which can negatively impact the perception and traffic of such sites.
Developer Challenges and Self-Signed Certificates
During the development of web applications, developers often face the need to use HTTPS connections, even if the project doesn't yet have its own domain name or is in the testing phase. In such cases, the question arises: how to ensure connection security without an officially issued SSL certificate? One practical answer is the use of self-signed SSL certificates.
A self-signed SSL certificate is a certificate generated and signed by the user, not by a certifying authority. Such certificates are ideal for development and testing purposes, as they allow the creation of an encrypted connection without additional costs and procedures of obtaining a certificate from an external certifying authority. In the following sections, we will examine in detail the process of creating and using self-signed certificates, as well as their integration with the Nginx web server.
1. Install openssl to Ubuntu
sudo apt-get update
sudo apt-get install openssl
2. Generating the Self-Signed SSL Certificate
- Generating the Private Key
openssl genrsa -out mydomain.key 2048
Here, mydomain.key is the filename for your private key, and 2048 is the key length in bits. Using at least 2048 bits is recommended for security.
- Creating a Certificate Signing Request (CSR)
openssl req -new -key mydomain.key -out mydomain.csr
In this step, you will be prompted to enter information about your site and organization, such as country, organization, and site name. This information will be included in your certificate.
- Creating the Self-Signed Certificate
openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt
Here, 365 represents the certificate's validity period in days, and mydomain.crt will be your newly created self-signed certificate.
- Decrypting the Private Key
openssl rsa -in mydomain.key -out decrypted.key
This step is necessary to avoid entering the password every time you start the web server.
3. Add generated certificate and key to Nginx
Next, integrate the SSL certificate and key into your Nginx configuration. The configuration should look something like this:
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
return 301 https://your-host-addres$request_uri;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
server {
listen 443 default_server ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/ssl/mydomain.crt;
ssl_certificate_key /etc/nginx/ssl/decrypted.key;
location / {
proxy_pass http://your-host-addres:some-port;
}
}
For simplicity and ease of setup, I recommend using Nginx within a Docker container. First, download and install Docker from the official website. Then, create a Docker compose file as follows:
version: "3"
services:
nginx:
image: nginx:latest
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/conf.d/nginx.conf:ro
- ./mydomain.crt:/etc/nginx/ssl/mydomain.crt:ro
- ./decrypted.key:/etc/nginx/ssl/decrypted.key:ro
Finally, launch your Docker container with the command:
docker-compose up -d