Using make-dummy-cert to Create a Self-Signed Certificate to HTTPS enable an NGinx Served Website in CentOS – and other mouthfuls

Written by James McDonald

March 26, 2014

I’m using CentOS release 6.5 (Final). Located in /etc/pki/tls/certs is a file named “make-dummy-cert”

In the answers() section you can enter some reasonably valid content (see example below) and then run it with a target file name (I generally make the file the same as the domain you are creating the certificate for) . make-dummy-cert combines the cert and the key in one file.

/etc/pki/tls/certs/make-dummy-cert /etc/nginx/certs/ssl.example.com

This will create a combined certificate. On Nginx I think you need to specify the following to enable the SSL dummy cert

server {
    listen       443 ssl;
    server_name  localhost;

    ssl_certificate      /etc/nginx/certs/ssl.example.com;
    ssl_certificate_key  /etc/nginx/certs/ssl.example.com;

...

This is the content of make-dummy-cert just in case you want to use it on a non-redhatian OS.

#!/bin/sh
umask 077

answers() {
        echo --
        echo NSW
        echo Maitland
        echo "James McDonald IT Services"
        echo Hosting
        echo jmits.com.au
        echo [email protected]
}

if [ $# -eq 0 ] ; then
        echo $"Usage: `basename $0` filename [...]"
        exit 0
fi

for target in $@ ; do
        PEM1=`/bin/mktemp /tmp/openssl.XXXXXX`
        PEM2=`/bin/mktemp /tmp/openssl.XXXXXX`
        trap "rm -f $PEM1 $PEM2" SIGINT
        answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
        cat $PEM1 >  ${target}
        echo ""   >> ${target}
        cat $PEM2 >> ${target}
        rm -f $PEM1 $PEM2
done

 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…

Squarespace Image Export

To gain continued access to your Squarespace website images after cancelling your subscription you have several...

MySQL 8.x GRANT ALL STATEMENT

-- CREATE CREATE USER 'tgnrestoreuser'@'localhost' IDENTIFIED BY 'AppleSauceLoveBird2024'; GRANT ALL PRIVILEGES ON...

Exetel Opt-Out of CGNAT

If your port forwards and inbound and/or outbound site-to-site VPN's have failed when switching to Exetel due to their...