Sample Nginx With Self Signed Https Protocol
Sample nginx with a self-signed certificate
The following steps generate a self-signed SSL certificate with OpenSSL, install it in a Docker container, and access it over HTTPS on port 5001 from your Windows machine:
- Generate the server private key:
openssl genrsa -out server.key 2048
- Create a certificate signing request (CSR):
openssl req -new -key server.key -out server.csr \
-subj "/CN=localhost"
- Sign the CSR with the server private key:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Generate server.pfx file:
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt
server.pfx is generated from the combination of server.crt and server.key. PFX is a format that typically contains both the private key and the corresponding certificate (which carries the public key) in a single file. This format is often used for configuring SSL/TLS on servers.
To generate a server.pfx file, you’ll need the following:
a. server.crt: This is the public key certificate. In these steps it is the self-signed certificate created above; in other setups it is issued by a Certificate Authority (CA).
b. server.key: This is the private key corresponding to the public key in the server.crt file.
Keep in mind that the process might slightly vary depending on your environment and the tools you’re using. Additionally, if you have a server.csr file (Certificate Signing Request), it’s not directly used for generating a PFX file. The CSR is typically used to request a certificate from a CA, and the resulting certificate (server.crt) is combined with the private key (server.key) to create the PFX file.
- Create a Dockerfile that will install the SSL certificate in the container:
FROM nginx
RUN apt-get update && apt-get install -y openssl
COPY server.key server.crt /etc/ssl/private/
- Build the Docker image:
docker build -t my-ssl-server .
- Run the Docker container:
docker run -it -p 5001:80 my-ssl-server
- On your Windows machine, open a web browser and navigate to https://localhost:5001. You should see the following message: This is a self-signed certificate.
This means that the certificate was generated by you and is not trusted by any certificate authorities. However, you can still access the website using HTTPS because the browser will still encrypt the traffic between your computer and the server.
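The Dockerfile above only copies the key and certificate; the stock nginx image still serves plain HTTP on port 80, so a TLS handshake against the `5001:80` mapping fails with the ERR_SSL_PROTOCOL_ERROR described further down. The following server block is an added example, not part of the original steps, that makes nginx terminate TLS with those files. The file name `default.conf`, the extra `COPY` line and the `5001:443` port mapping named in its comments are assumptions.

```nginx
# default.conf (assumed file name), placed next to the Dockerfile.
#
# Assumed additions to the steps above:
#   Dockerfile:  COPY default.conf /etc/nginx/conf.d/default.conf
#   Run:         docker run -it -p 5001:443 my-ssl-server
#
# This file replaces the image's default server, which listens on
# port 80 without TLS.

server {
    # Accept TLS connections on the container's port 443.
    listen 443 ssl;
    server_name localhost;   # matches the CN used in the CSR

    # Paths match the COPY destination in the Dockerfile.
    ssl_certificate     /etc/ssl/private/server.crt;
    ssl_certificate_key /etc/ssl/private/server.key;

    # Refuse protocol versions older than TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Default content directory of the official nginx image.
        root  /usr/share/nginx/html;
        index index.html;
    }
}

# Note: COPY bakes server.key into an image layer, so anyone who can
# pull the image can read the key. That is acceptable for a local test
# key only; mount real keys at run time instead.
```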
Configure Windows to trust the self-signed certificate
To add the certificate to your browser’s trusted certificate store, follow these steps:
- In your web browser, open the Settings menu.
- Click on Security and Privacy.
- Click on Advanced.
- Under HTTPS/SSL, click on Manage certificates.
- Click on the Trusted Root Certification Authorities tab.
- Click on the Import button.
- Browse to the location of the server.crt file and click on Open.
- Click on the Yes button to confirm the import.
Now, when you navigate to https://localhost:5001 in your browser, you should not see the error message.
Here are some additional things you can try if you are getting the error that says “This site can’t provide a secure connection. localhost sent an invalid response. ERR_SSL_PROTOCOL_ERROR”:
- Make sure that your system time and date are correct.
- Try clearing your browser’s cache and cookies.
- Try disabling any browser extensions that you are not using.
- Try updating your browser to the latest version.
- Try restarting your computer.