Self signed wildcard security certificate for apache or nginx

This tutorial is done on a debian 11 system… it should work for wildcard (For all subdomains under a domain), but also for subdomains or the primary domain, obviously, all you need to do is replace the * which denotes wildcard with the subdomain of your choice, so * is wildcard, is a subdomain 😉 so let us get started

Let’s encrypt has certainly revolutionized the world of SSL certificates (By making them free), but when it comes to wildcard certificates, let’s encrypt will require more than just generating the certificate, it will require a system that automatically alters DNS at your registrar, and differs from registrar to registrar.

So while I am developing, and need a wildcard SSL, I can simply generate a self signed wildcard security certificate, and teach my browser to accept it, and that is that, so here is how to generate that certificate !

So let us get started, first let us create a public and private key in one go, and a folder to store them !

cd /etc/ssl
sudo mkdir
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/ -out /etc/ssl/

I will personally skip selecting a strong Diffie-Hellman group… this file though goes somewhere else in the nginx directory, and can be generated like the following, but again, I don’t need it atm.

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

Now you are done with creating everything you need, the next step is to install them into your nginx configuration

So all you need is to add the following 2 lines into your server section within the website config file 😉

    ssl_certificate /etc/ssl/;
    ssl_certificate_key /etc/ssl/;

Now all you need is to restart nginx, and you should get a warning in your browser, I accept the warning, then make it permanent in firefox from the settings

Settings -> Privacy & Security -> Security -> Certificates -> View Certificates... -> Servers Then switch it from temporary to permanent

And that’s that

Posted in SSL

Leave a Reply

Your email address will not be published. Required fields are marked *