Create a Self-Signed SSL Certificate for Local Development With Nginx

Apr 29, 2022

We'll create a self-signed SSL certificate on a Linux machine which we can use for local development with Nginx.

Note: This is only for local development, do not use a self-signed SSL certificate on any publicly accessible website.

Create a self-signed SSL certificate

First, we'll create a new directory where will be stored all the required files for this certificate.

sudo mkdir /etc/ssl/self-signed-cert

We'll create an SSL key encrypted with 2048 bits.

sudo openssl genrsa -out "/etc/ssl/self-signed-cert/self-signed-cert.key" 2048

Next, create a certificate sign request with the key we just created.

sudo openssl req -new -key "/etc/ssl/self-signed-cert/self-signed-cert.key" -out "/etc/ssl/self-signed-cert/self-signed-cert.csr"

After this, you will be prompted to enter some information like country name, state or province name, locality name, etc.

You can enter your information here, for example:

Country Name: SR State or Province name: Serbia Locality Name: Belgrade Organization Name: Self Signed SSL Certificate Organizationl Unit Name: Common Name: Email Address: A challendge password: An optional company name:

The last step is to create a certificate itself with the request and key we just created.

sudo openssl x509 -req -days 365 -in "/etc/ssl/self-signed-cert/self-signed-cert.csr" -signkey "/etc/ssl/self-signed-cert/self-signed-cert.key" -out "/etc/ssl/self-signed-cert/self-signed-cert.crt"

In this example, the certificate we created will be valid for 1 year (365 days), if you want you can change this per your need.

That's it. Our self-signed SSL certificate is created.

Configure Nginx to use this certificate

To configure an HTTPS server, the SSL parameter must be enabled on listening sockets in the server block, and the locations of the server certificate and private key files should be specified.

Open the Nginx configuration file for a project where you want to use this certificate.

sudo vim /etc/nginx/sites-available/my-app.test

Enable SSL on the listening socket and specified the location of the certificate and private key files.

server { listen 443 ssl; ssl_certificate /etc/ssl/self-signed-cert/self-signed-cert.crt ssl_certificate_key /etc/ssl/self-signed-cert/self-signed-cert.key }

For example, the Nginx config file will look like this after you added those lines:

server { listen 80; listen [::]:80; listen 443 ssl; // new line
server_name my-app.test; root /home/vojislav/code/my-app.test/public;
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff";
ssl_certificate /etc/ssl/self-signed-cert/self-signed-cert.crt; // new line ssl_certificate_key /etc/ssl/self-signed-cert/self-signed-cert.key; // new line
index index.php;
charset utf-8;
location / { try_files $uri $uri/ /index.php?$query_string; }
location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; }
location ~ /\.(?!well-known).* { deny all; } }

Next, check if the Nginx configuration is correct.

sudo nginx -t
Output: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

If everything is ok, restart the Nginx service.

sudo systemctl restart nginx

Now, if you visit your project address it should work with a secure transfer protocol (HTTPS)

HTTPS Working image

That's it, now you can work on your project locally with the HTTPS protocol.