Activate SSL On NGINX And Windows Server


PHP -version
php
open ssl

GnuWin32 – OPEN SSL
http://getgnuwin32.sourceforge.net/

Nginx: Creating Your CSR with OpenSSL
https://www.digicert.com/csr-ssl-installation/nginx-openssl.htm
https://www.digicert.com/easy-csr/openssl.htm

web path
C:\Bitnami\nginxstack-1.14.0-0\nginx\html
certificate files
C:\Bitnami\nginxstack-1.14.0-0\nginx\conf
server_io.crt
server_io.key

server {
    listen 443 ssl;
    server_name localhost;

    #ssl_certificate server.crt;
    #ssl_certificate_key server.key;
    # Paths use forward slashes and plain ASCII double quotes.
    ssl_certificate "C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/server_io.crt";
    ssl_certificate_key "C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/server_io.key";
    # Session cache left commented out on Windows; see
    # http://nginx.org/en/docs/windows.html#known_issues
    #ssl_session_cache shared:SSL:1m;
    #ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    include "C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/bitnami/phpfastcgi.conf";

    include "C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}

Setting Up HTTPS for localhost

Websites need an SSL certificate to work on HTTPS. Usually it is signed and issued by a CA (Certificate Authority). We will generate a self-signed certificate for our local testing.

STEP 1: Generate Self-signed SSL Certificate

OpenSSL can generate a self-signed SSL certificate and private key pair with the following command (the generated files will be in the current directory).

This command will ask for the following info:

  • Country Name
  • State or Province Name
  • Locality Name
  • Organization Name
  • Organizational Unit Name
  • Common Name*
  • Email Address

The Common Name value should be the domain name of your website; here it is local.website.dev. If you have multiple subdomains, use a wildcard: *.website.dev

The generated certificate will be in X.509 container format with a SHA-256 signature algorithm and a 2048-bit RSA authentication key, and is valid for 365 days.

[OPTIONAL] If you want to view the contents of the encoded certificate, do this:

STEP 2: Trust authority of the certificate

When a browser gets the certificate from the server, it verifies authenticity by checking the issuer against existing CAs. The browser has a list of trusted CAs by default; if the certificate issuer is not in it, the browser shows an 'untrusted connection' security warning.

Our generated certificate is self-signed, so the browser will give a security warning. To bypass that, we will manually mark the certificate as trusted.

In OS X, you can do that in Keychain Access as shown below (or open the Keychain Access UI and add the certificate there).

Note: this will work only in Chrome and Safari, because those browsers check Keychain Access to get the list of CAs. Firefox stores its own list of trusted CAs in the browser, so Firefox will still throw the security error.

STEP 3: Configure & Reload nginx

Here is a sample nginx configuration you can make use of. Save it as nginx_custom.conf

Start/Reload nginx

Final step

Access https://local.website.dev and you can see the little green padlock icon in the address bar. Yes, your local website is on HTTPS now!
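
The commands for the steps above are not reproduced on this page. As an added example (not the original tutorial's commands), this script generates a certificate with the parameters STEP 1 describes and checks it before nginx is reloaded. The file names server.crt and server.key, the subjectAltName entry (current browsers match the hostname against it rather than the Common Name), and OpenSSL 1.1.1 or newer for -addext are assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumed names: server.crt,
# server.key. Requires OpenSSL 1.1.1+ (for -addext).

# make_local_cert DOMAIN OUTDIR
# Self-signed X.509 certificate: SHA-256 signature, 2048-bit RSA key, valid
# 365 days. DOMAIN is written to both the Common Name and subjectAltName.
make_local_cert() {
    mlc_domain=$1; mlc_dir=$2
    ( umask 077   # keep the unencrypted private key readable by the owner only
      openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 365 \
          -subj "/CN=$mlc_domain" \
          -addext "subjectAltName=DNS:$mlc_domain" \
          -keyout "$mlc_dir/server.key" -out "$mlc_dir/server.crt" )
}

# cert_matches_key CRT KEY
# Succeeds when the certificate's public key is the one derived from the
# private key. nginx fails to load a certificate/key pair that does not match.
cert_matches_key() {
    cmk_crt=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    cmk_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cmk_crt" = "$cmk_key" ]
}

# cert_covers_host CRT HOST
# Succeeds when the certificate is unexpired, carries a DNS subjectAltName,
# and HOST matches it. A wildcard matches exactly one label, so
# *.website.dev covers local.website.dev but not website.dev.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
    openssl x509 -in "$1" -noout -text | grep -q 'DNS:' || return 1
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Usage (script name is hypothetical): sh make-cert.sh local.website.dev ./certs
if [ $# -eq 2 ]; then
    mkdir -p "$2" && make_local_cert "$1" "$2" &&
    cert_matches_key "$2/server.crt" "$2/server.key" &&
    cert_covers_host "$2/server.crt" "$1" &&
    echo "ok: $2/server.crt and $2/server.key are usable for $1"
fi
```

Point ssl_certificate and ssl_certificate_key at the two generated files; the same checks can be run against any existing certificate and key pair before a reload.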


About the Author

Hi! I'm Ahmad. I have a degree in Computer Science from Birzeit University and you might call me a bit of a computer geek. I am the Founder of Greenbackend Turnkey Solutions, a leading Cloud and Hosting Company in the Middle East. I am also the Founder of Ahmad Naser Turnkey Solutions in Harvey, LA, USA. I'm comfortable with a large range of languages and techniques. After implementing enterprise applications using Salesforce and Siebel CRM for 3 years, and with professional experience in building websites, cloud apps, iOS apps, Unity games, Android mobile apps and educational games for 8 years, I decided to share my technical knowledge with people all over the world so they can benefit from my experience and build their own careers, especially because I am a real-world example with over 20 successful apps on Google Play Store, Asset Store and Apple Store. So your success is mine, and I want to help you reach your goals step by step exactly as I do. I'm passionate about teaching people about technologies, so from time to time I give courses online and in learning centers and teach beginners and professionals many technologies and development frameworks. One of my greatest goals in life is growing the next generation of software professionals and to keep teaching programming at every opportunity I get. I can't wait to help you experience the achievement and financial freedom that having a deep understanding of technology brings. So why not start learning to design and develop now by joining our epic Unity 3D professional 2D game development course? See you soon! Ahmad
