Today I decided I’d add a self-signed SSL certificate to my 128 MB VPS in preparation for some projects I’m hoping to setup. Below is a guide of how to create and add a self-signed SSL certificate to your Nginx web server.

Start by creating a folder to store your SSL certficiates on the server:

mkdir -p /etc/ssl/localcerts

Now create the the SSL certificate:

openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/www.pem -keyout /etc/ssl/localcerts/www.key

By default this provides a certificate valid for 365 days.

Once complete you can add the certificate to Nginx by opening /etc/nginx/sites-available/default or your equivalent then add the following to the server {} block:

listen          443;
ssl on;
ssl_certificate         /etc/ssl/localcerts/www.pem;
ssl_certificate_key     /etc/ssl/localcerts/www.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

You should now have working SSL on your site (preferably dev) but first I recommend running:

/etc/init.d/nginx configtest

Should everything be okay:

/etc/init.d/nginx reload

• debian
• https
• nginx
• setup
• ssl
• tutorial