HTTPS: Creating Self-signed Certs

Occasionally, I need to create self-signed certs when testing application through https. This isn't really the best way to do it, as it will require anyone visiting to confirm a security exception, but it's useful in a pinch.

Here's the basics...

Generate Key

$ openssl genrsa -des3 -out cert.key 1024
=> enter password

Generate CSR

$ openssl req -new -key cert.key -out cert.csr
Country Name (2 letter code) []:CA
State or Province Name (full name) []:California
Locality Name (eg, city) [Newbury]:Sunland
Organization Name (eg, company) [My Company Ltd]:SomeCompant
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []
Email Address []:joshua at mervine dot net
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Remove Key Password

$ cp cert.key
$ openssl rsa -in -out cert.key

Generate Self-signed Cert

$ openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt

Copy Files to Nginx Config

$ sudo cp cert.crt /etc/nginx/
$ sudo cp cert.key /etc/nginx/

Nginx Config Example (from nginx default)

$ sudo vim /etc/nginx/nginx.conf

server {
    listen       443;
    server_name  localhost;

    ssl                  on;
    ssl_certificate      cert.crt;
    ssl_certificate_key  cert.key;

    location / {
        root   html;
        index  index.html index.htm;