In this tutorial we will cover the steps needed to set up a self-signed SSL certificate for the nginx web server on your CentOS 6.4, Debian or Ubuntu platform.

Requirements

    • CentOS 6.4, Debian or Ubuntu installed on your computer/server
    • SSH access (Command line access to the server)
    • root privileges
    • Basic skills for working on a Linux environment
    • Nginx installed on the computer/server

The SSL certificate allows us to access the web server through an encrypted, secured connection. Approved SSL vendors can issue validated SSL certificates. We can also generate a self-signed SSL certificate on our server. In that case the connection will still be encrypted; however, every time we access a website protected by that certificate we will receive an SSL warning that the certificate was not issued by a trusted SSL vendor.

Create a server key and Certificate Signing Request

In order to organize the certificate-related files we will create a new folder called ssl/ inside /etc/nginx/:

Once inside the folder we can generate the key file:

You will be prompted to set a passphrase for the key:

Make sure that you don't forget or lose the passphrase; otherwise you might experience problems in the future.

We will continue with the creation of the Certificate Signing Request (CSR):

You will be prompted to enter the passphrase related to the ssl.key:

After that, a few other fields should be filled in as well:

Because nginx will require the passphrase on every reload, we will remove the passphrase from the ssl.key file:

You will be prompted again to enter the passphrase.

Sign the SSL certificate

Now we can generate the certificate file:

The -days option allows us to generate the SSL certificate for a specific period – in our case 1 year (365 days).
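
The key, CSR, passphrase-removal and signing steps above can be run non-interactively and then checked before nginx is pointed at the files. The script below is an added example, not the commands from the original tutorial; the file names ssl.key.orig, ssl.csr and ssl.crt, the 2048-bit key size, the AES-256 key encryption, the temporary working directory and the passphrase are assumptions.

```shell
#!/bin/sh
# Added example (not the page's own commands). From the page: ssl.key, -days 365.
# Assumptions: ssl.key.orig, ssl.csr, ssl.crt, 2048-bit RSA, AES-256 key encryption.

make_selfsigned() {   # usage: make_selfsigned DIR COMMON_NAME PASSPHRASE
    dir=$1 cn=$2
    KEY_PASS=$3; export KEY_PASS      # passed via env:, so it never appears in argv
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077                     # key material readable by the owner only
        # 1. Passphrase-protected server key
        openssl genrsa -aes256 -passout env:KEY_PASS -out ssl.key 2048 2>/dev/null || exit 1
        # 2. CSR; -subj answers the fields the interactive prompt would ask for
        openssl req -new -key ssl.key -passin env:KEY_PASS -subj "/CN=$cn" -out ssl.csr || exit 1
        # 3. Keep the encrypted key, write a passphrase-free ssl.key for nginx
        mv ssl.key ssl.key.orig || exit 1
        openssl rsa -in ssl.key.orig -passin env:KEY_PASS -out ssl.key 2>/dev/null || exit 1
        # 4. Self-sign the CSR for one year
        openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt 2>/dev/null
    )
    rc=$?
    unset KEY_PASS
    return "$rc"
}

check_selfsigned() {  # usage: check_selfsigned DIR ; returns 0 only if every check passes
    crt=$1/ssl.crt key=$1/ssl.key
    # ssl.key must load with an empty passphrase, i.e. it is really unencrypted
    openssl pkey -in "$key" -passin pass: -noout 2>/dev/null || return 1
    # Certificate and key must carry the same public key, or nginx will refuse to start
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -passin pass: -pubout)" ] || return 1
    # Self-signed means issuer == subject; this is what triggers the browser warning
    [ "$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')" = \
      "$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')" ]
}

# Demo in a throwaway directory instead of /etc/nginx/ssl/; the passphrase is constructed
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" yourdomain.com 'constructed-passphrase' &&
    check_selfsigned "$demo_dir" &&
    echo "ssl.key and ssl.crt in $demo_dir are consistent"
```

Because ssl.key ends up unencrypted on disk, its file permissions are the only thing protecting it; the umask in the script keeps it owner-readable only.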

Configure the SSL certificate to work with nginx

CentOS:

We will edit the nginx default SSL configuration file:

where root has to be set to the default Nginx web root folder.

Debian/Ubuntu:

Create a new file inside the /etc/nginx/sites-available/ folder:

and add the following lines inside it:

where root has to be set to the default nginx web root folder.

When done, we can restart the nginx service:

Test the functionality of the SSL certificate

Prior to the test, make sure that the default HTTPS port 443 is open on the server:

If yourdomain.com points to the server's IP address, you should be able to access the content of the default web root folder through:

An SSL warning message should be displayed, informing us that the SSL certificate is self-signed (not issued by a trusted SSL vendor).

An easy way to find your server's IP address is to execute the following command: