Using self signed certificates and enabling SSL on nginx

Note: Only recommended for development environment. Not for production. 

Assuming that your nginx installation is located at


create the directory ‘ssl’. We will be hosting our certificates in this directory.


Step 1: Create a key, enter passphrase when asked

sudo openssl genrsa -des3 -out server.key 1024

Step 2: Use the key generated in step 1 to generate a CSR(certificate signing request)

sudo openssl req -new -key server.key -out server.csr

Make sure you enter the FQDN when asked.

Step 3: Remove the passphrase as we don’t want to enter it each time we want to start nginx. (Useful when daemonizing)

sudo cp server.key
sudo openssl rsa -in -out server.key

Step 4: Use the CSR and the Key generated in the above steps to create a Certificate.

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Here is the sample nginx configuration to get your site up and running.

  listen                443 ssl; # default;
  server_name ;
  root                  /var/www/approot/public;

  ssl on;
  ssl_certificate         /etc/nginx/ssl/server.crt;
  ssl_certificate_key     /etc/nginx/ssl/server.key;

  location / {
    access_log          off;
    include proxy_params;
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass    http://upstream;

Leave a Reply

Your email address will not be published. Required fields are marked *