DEV Community

Masui Masanori
Masui Masanori

Posted on

[Windows] Using a self-signed certificate for HTTPS connection with Nginx

Intro

This time, I will create a self-signed public certificate to enable HTTPS connection with Nginx.

Creating a self-signed public certificate

Adding a custom domain

First, I add a custom domain into "C:\Windows\System32\drivers\etc\hosts" file.

hosts



...
127.0.0.1 goapp.sample.jp


Enter fullscreen mode Exit fullscreen mode

Creating a self-signed public certificate and exporting it

I create a self-signed public certificate by PowerShell(open as administrator).



New-SelfSignedCertificate -DnsName goapp.sample.jp -Subject "CN=goapp.sample.jp" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256


Enter fullscreen mode Exit fullscreen mode

To export the certificate, I open "certlm.msc".
And I export it as "goappsample.pfx".

Image description

Image description

Image description

After exporting, I install it into "LocalMachine\Trusted Root Certification Authorities".

Image description

Image description

Image description

Creating pem and key files

To use the certificate from Nginx, I create a pem file and a key file from "goappsample.pfx" by OpenSSL.
This time, I use a OpenSSL Light released by "Shining Light Productions".



openssl pkcs12 -in goappsample.pfx -clcerts -nokeys -out goappsample.pem

 openssl pkcs12 -in goappsample.pfx -nocerts -nodes -out goappsample.key


Enter fullscreen mode Exit fullscreen mode

Then I add them into a conf file of Nginx.

webappsample.conf



server {
    listen  443 ssl;
    server_name goapp.sample.jp;
    ssl_certificate C:/Users/example/Documents/goappsample.pem;
    ssl_certificate_key C:/Users/example/Documents/goappsample.key;

    location / {
        root   html;
        index  index.html index.htm;
    }
    location /webrtc {
        proxy_pass http://localhost:8080;
    }
}


Enter fullscreen mode Exit fullscreen mode

Top comments (0)