-
Notifications
You must be signed in to change notification settings - Fork 27
Pepyatka on HTTPS
This is a brief from https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04
The SSL certificate has 2 parts main parts: the certificate itself and the public key. To make all of the relevant files easy to access, we should create a directory to store them in:
sudo mkdir /etc/nginx/ssl
We will perform the next few steps within the directory:
cd /etc/nginx/ssl
Start by creating the private server key. During this process, you will be asked to enter a specific passphrase. Be sure to note this phrase carefully, if you forget it or lose it, you will not be able to access the certificate.
sudo openssl genrsa -des3 -out server.key 2048
Follow up by creating a certificate signing request:
sudo openssl req -new -key server.key -out server.csr
This command will prompt terminal to display a lists of fields that need to be filled in.
The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address. Leave the challenge password and optional company name blank.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Pepyatka Inc
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:pepyatka.com
Email Address []:webmaster@pepyatka.com
We are almost finished creating the certificate. However, it would serve us to remove the passphrase. Although having the passphrase in place does provide heightened security, the issue starts when one tries to reload nginx. In the event that nginx crashes or needs to reboot, you will always have to re-enter your passphrase to get your entire web server back online.
Use this command to remove the password:
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key
Submit generated .csr file to one of many SSL cert providers.
Now we have all of the required components of the finished certificate.The next thing to do is to set up the virtual hosts to display the new certificate.