PHP -version
open ssl

GnuWin32 – OPEN SSL

Nginx: Creating Your CSR with OpenSSL

web path
certificate files

server {
listen 443 ssl;
server_name localhost;

#ssl_certificate server.crt;
#ssl_certificate_key server.key;
ssl_certificate “C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/server_io.crt”;
ssl_certificate_key “C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/server_io.key”;
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

include “C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/bitnami/phpfastcgi.conf”;

include “C:/Bitnami/nginxstack-1.14.0-0/nginx/conf/bitnami/bitnami-apps-prefix.conf”;



Setting Up HTTPS for localhost

Websites need an SSL certificate to work on HTTPS. Usually it is signed & issued by CAs(Certificate Authorities). We will generate a self-signed certificate for our local testing.

STEP 1: Generate Self-signed SSL Certificate

Openssl can generate a self-signed SSL certificate & private key pair with the following command (generated files will be in the current directory).

This command will ask for the following info:

  • Country Name
  • State or Province Name
  • Locality Name
  • Organization Name
  • Organizational Unit Name
  • Common Name*
  • Email Address

Common Name value should be the domain name of your website. here it is If you have multiple sub domains, use a wildcard *

The generated certificate will be in x509 container format with SHA256 signature algorithm, 2048bit RSA authentication key and is valid for 365 days.

[OPTIONAL]If you want to view the contents of encoded certificate, do this:

STEP 2: Trust authority of the certificate

When browsers get the certificat from server, the authenticity is verified by checking with existing CAs. Browser has a list of trusted CAs by default, if the certificate issuer is not there, then browser will be showing a security warning ‘untrusted connection’.

Our generated certificate is self signed, so browser will give security warning. In order to bypass that, we will manually verify the trust of certificate.

In OSX, you can do that in Keychain access as shown below: (or, open keychain access ui and add cerificate there).

Note: this will work only on chrome & safari, because those browsers check keychain access to get list of CAs. Firefox stores its own list of trusted CAs in the browser, so firefox will still throw the security error.

STEP 3: Configure & Reload nginx

Here is a sample nginx configuration you can make use of. Save its as nginx_custom.conf

Start/Reload nginx

Final step

Access, you can see that little green padlock icon  in the address bar. Yes, your local website is on HTTPS now!

HTTPS Localhost