Create an SSL certificate
You can create your own SSL certificate with the OpenSSL binary. The resulting certificate request can be sent to a certificate authority (CA) to be signed into a certificate. If you run your own certificate authority, you can sign it yourself. Alternatively, you can use a self-signed certificate, either because you only need a test certificate or because you are setting up your own CA.
NOTE: In the following steps, replace the APPNAME placeholder with the name of your application directory.
- Generate a new private key:
$ sudo openssl genrsa -out /opt/bitnami/nginx/conf/bitnami/certs/tls.key 2048
- Create a certificate request:
$ sudo openssl req -new -key /opt/bitnami/nginx/conf/bitnami/certs/tls.key -out /opt/bitnami/nginx/conf/cert.csr
IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”.
- Send cert.csr to the certificate authority. When the certificate authority has completed its checks (and probably received payment from you), it will hand over your new certificate to you.
- Until the certificate is received, create a temporary self-signed certificate:
$ sudo openssl x509 -in /opt/bitnami/nginx/conf/cert.csr -out /opt/bitnami/nginx/conf/bitnami/certs/tls.crt -req -signkey /opt/bitnami/nginx/conf/bitnami/certs/tls.key -days 365
- Back up your private key in a safe location after generating a password-protected version as follows:
$ sudo openssl rsa -des3 -in /opt/bitnami/nginx/conf/bitnami/certs/tls.key -out privkey.pem
Note that if you use this encrypted key in the configuration file, Nginx won’t be able to start. Regenerate the key without password protection from this file as follows:
$ sudo openssl rsa -in privkey.pem -out /opt/bitnami/nginx/conf/bitnami/certs/tls.key
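A check worth running before pointing Nginx at the new files, as an added example that is not part of the original page: it confirms that the key, request and certificate from the steps above share one public key, that the Common Name is the one you entered, and that the key file is not the password-protected copy. The function names and the temporary demo directory are assumptions of this example, and www.example.com is constructed sample data.

```sh
#!/bin/sh
# Added example, not Bitnami's code. Sample files are constructed in a temp dir.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
# Fails on unreadable input, including a password-protected key: the dummy
# -passin makes an encrypted key fail here instead of prompting.
pubkey_digest() {   # $1 = key|csr|crt   $2 = file
    case "$1" in
        key) set -- pkey -in "$2" -passin pass:not-the-passphrase -pubout ;;
        csr) set -- req -in "$2" -noout -pubkey ;;
        crt) set -- x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac
    pem=$(openssl "$@" 2>/dev/null </dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# Check that key, CSR and certificate belong together, that the certificate
# carries the expected Common Name, and that it is valid for another 24 hours.
check_tls_files() {   # $1 = key  $2 = CSR  $3 = certificate  $4 = expected CN
    k=$(pubkey_digest key "$1") || { echo "key unreadable or encrypted"; return 1; }
    r=$(pubkey_digest csr "$2") || { echo "CSR unreadable"; return 1; }
    c=$(pubkey_digest crt "$3") || { echo "certificate unreadable"; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not created from this key"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key"; return 1; }
    cn=$(openssl x509 -in "$3" -noout -subject -nameopt RFC2253 |
         sed 's/^.*CN=\([^,]*\).*$/\1/')
    [ "$cn" = "$4" ] || { echo "Common Name is '$cn', expected '$4'"; return 1; }
    openssl x509 -in "$3" -noout -checkend 86400 >/dev/null ||
        { echo "certificate expires within 24 hours"; return 1; }
    echo "ok"
}

# Constructed sample data: the page's three commands, made non-interactive.
make_demo_files() {   # $1 = directory  $2 = Common Name
    openssl genrsa -out "$1/tls.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/tls.key" -subj "/CN=$2" -out "$1/cert.csr" &&
    openssl x509 -req -in "$1/cert.csr" -signkey "$1/tls.key" -days 365 \
        -out "$1/tls.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_files "$demo_dir" www.example.com
check_tls_files "$demo_dir/tls.key" "$demo_dir/cert.csr" "$demo_dir/tls.crt" www.example.com
rm -rf "$demo_dir"
```

To check a real installation, call check_tls_files with the tls.key, cert.csr and tls.crt paths used in the steps above and the domain name you entered as the Common Name.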
Find more information about certificates at http://www.openssl.org.