To create a self-signed SSL certificate on Nginx for CentOS or RHEL, you will need to use the openssl tool. This tool is a command-line utility that can be used to generate and manage SSL/TLS certificates.
Here's a step-by-step guide to creating a self-signed SSL certificate on Nginx for CentOS or RHEL:
Install the openssl tool if it is not already installed on your system:
sudo yum install openssl
Create a directory to hold the key and certificate files:
sudo mkdir /etc/ssl/nginx
Generate a private key using the openssl tool:
sudo openssl genrsa -out /etc/ssl/nginx/server.key 2048
This command will create a private key file called server.key in the /etc/ssl/nginx directory.
Generate a certificate signing request (CSR) using the openssl tool:
sudo openssl req -new -key /etc/ssl/nginx/server.key -out /etc/ssl/nginx/server.csr
This command will create a CSR file called server.csr in the /etc/ssl/nginx directory. You will be prompted to enter information about your organization and domain name.
Generate the self-signed certificate from the CSR using the openssl tool:
sudo openssl x509 -req -days 365 -in /etc/ssl/nginx/server.csr -signkey /etc/ssl/nginx/server.key -out /etc/ssl/nginx/server.crt
This command will create a self-signed SSL certificate called server.crt in the /etc/ssl/nginx directory. The certificate will be valid for 365 days.
Add the following directives to the server block in your Nginx configuration:
server {
    listen 443 ssl;
    ssl_certificate /etc/ssl/nginx/server.crt;
    ssl_certificate_key /etc/ssl/nginx/server.key;
}
These directives tell Nginx to listen for HTTPS connections on port 443, and to use the server.crt and server.key files as the SSL certificate and key files, respectively.
Restart Nginx to apply the changes:
sudo systemctl restart nginx
That's it! Your Nginx server should now be configured to use a self-signed SSL certificate. Keep in mind that self-signed certificates are not trusted by web browsers and may cause warnings to be displayed when users visit your site. If you want to avoid these warnings and improve the security of your site, you should consider obtaining a trusted SSL certificate from a certificate authority (CA).
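A check worth running on the files generated above before restarting Nginx, as an added example that is not part of the original guide. The helper name check_pair and the 30-day default are assumptions; it confirms that the key matches the certificate, that the certificate is not about to expire, that the private key is not readable by group or other, and it warns when the certificate has no subjectAltName.

```bash
# Added example: check_pair is a hypothetical helper, not part of openssl or Nginx.
# Usage: sudo sh check_pair.sh /etc/ssl/nginx/server.key /etc/ssl/nginx/server.crt

# check_pair KEY CERT [MIN_DAYS]: prints one line per check, returns 1 on any FAIL.
check_pair() {
    local key="$1" crt="$2" min_days="${3:-30}" rc=0 key_pub crt_pub

    # 1. The certificate must contain the public half of this private key;
    #    Nginx will not start if ssl_certificate and ssl_certificate_key disagree.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    if [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; then
        echo "OK   key matches certificate"
    else
        echo "FAIL key and certificate do not match or cannot be read"; rc=1
    fi

    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    if openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "OK   certificate valid for more than $min_days days"
    else
        echo "FAIL certificate expires within $min_days days or cannot be read"; rc=1
    fi

    # 3. The private key must not be accessible to group or other
    #    (characters 5-10 of the ls mode string are the group/other bits).
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" = "------" ]; then
        echo "OK   private key is not group/world accessible"
    else
        echo "FAIL private key is missing or group/world accessible (use chmod 600)"; rc=1
    fi

    # 4. Clients match hostnames against subjectAltName, which the
    #    CSR-then-sign steps above do not add by default. Warning only.
    if openssl x509 -in "$crt" -noout -text 2>/dev/null | grep -q "Subject Alternative Name"; then
        echo "OK   certificate has a subjectAltName"
    else
        echo "WARN certificate has no subjectAltName; clients may reject the hostname"
    fi
    return "$rc"
}

# Run the checks when the script is called with a key path and a certificate path.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Running sudo nginx -t before the restart also confirms that Nginx itself can load both files.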
For more information on using the openssl tool to generate and manage SSL/TLS certificates, you can refer to the openssl man page or the documentation for your CentOS or RHEL system.