Linux - Generate Self SSL (Localhost HTTPS/SSL)

Fiko BorizqyFiko Borizqy
2 min read

In this article, I'll walk you through the steps to generate a self-signed SSL certificate for localhost on a Linux system. We'll use mkcert, a simple tool for making locally trusted development certificates. Also just to highlight it, Iโ€™m using arm base processor, so I use arm64 version.

Step 1: Download and Install mkcert

First, we need to download the mkcert binary and make it executable:

sh

curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/arm64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert

Step 2: Generate the SSL Certificate

Next, we'll use mkcert to generate the SSL certificate and key for localhost:

sh

mkcert -key-file testing-key.pem -cert-file testing-cert.pem testing-dev.fiko.me

This command will create localhost-key.pem and localhost-cert.pem files.

Step 3: Configure Nginx

Now, let's configure Nginx to use the generated SSL certificate. Add the following configuration to your Nginx server block:

nginx

server {
    listen 445 ssl;
    server_name testing-dev.fiko.me;
    set $MAGE_ROOT /home/fiko/sites/testing;
    set $MAGE_MODE developer; # or production, depending on your environment

    ssl_certificate /home/fiko/downloads/testing-cert.pem;
    ssl_certificate_key /home/fiko/downloads/testing-key.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    include /home/fiko/sites/testing/nginx.conf.sample;

    error_page  404  /errors/404.php;
    error_page  500 502 503 504  /errors/503.php;

    access_log /var/log/nginx/testing_ssl.access.log;
    error_log /var/log/nginx/testing_ssl.error.log;
}

Make sure the paths to the SSL certificate and key files are correct.

Step 4: Restart Nginx

Finally, restart Nginx to apply the new configuration:

sh

sudo systemctl restart nginx

Your Nginx server should now be serving the site over HTTPS using the self-signed certificate.

References

By following these steps, you can generate a self-signed SSL certificate for localhost and configure Nginx to use it. This setup is great for development environments where you need HTTPS but don't want to obtain a certificate from a Certificate Authority.

Happy coding! ๐Ÿ˜Š

0
Subscribe to my newsletter

Read articles from Fiko Borizqy directly inside your inbox. Subscribe to the newsletter, and don't miss out.

SSLLinuxhttps

Written by

Fiko Borizqy
Fiko Borizqy

I wrote these tutorials for myself in future when I forget for the next steps.