Hi,
Cheers for making this, just wondering is there any way I can generate the `chain.pem` when I am doing selfsigned? Basically I have set up a host record for `my.dev` and self-signed that URL, which has made `fullchain.pem` and `privatekey.pem`, however nginx is failing to start because it's expecting `chain.pem`
mjstealey commented on Oct 3, 2018
@falconmick - The Nginx configuration is defaulted to use Let's Encrypt format which will generate four `.pem` files

- `privkey.pem`: the private key for your certificate.
- `fullchain.pem`: the certificate file used in most server software.
- `chain.pem`: used for OCSP stapling in Nginx >=1.3.7.
- `cert.pem`: will break many server configurations, and should not be used without reading further documentation.

The `fullchain.pem` was generated by concatenating the `cert.pem` and `chain.pem` files together (with `cert.pem` being the first entry)

Only three of the above files are then used in the config file, but the contents of `cert.pem` are already encapsulated by the `fullchain.pem` file.

If you're not using Let's Encrypt for certificates you can update the Nginx SSL configuration file to suit your particular case. OpenSSL can be used to generate self signed certificates, generally something like:

```bash
openssl req -newkey rsa:4096 -days 365 -nodes -x509 \
  -subj "/C=US/ST=North Carolina/L=Chapel Hill/O=Local/OU=Development/CN=local.dev/emailAddress=email@local.dev" \
  -keyout local.dev.key \
  -out local.dev.crt
```

The output of the above command is a `local.dev.crt` certificate file and a `local.dev.key` key file. Say these are saved in a local directory named `self_signed_certs/`

Would then remap the Nginx configuration to use those two new files

Update the `nginx` volume entry in the `docker-compose.yml` file to mount your self signed certificates.

At this point you should be ready to go using self signed certificates in a development environment.

More information on OpenSSL certificate generation: https://jamielinux.com/docs/openssl-certificate-authority/index.html
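An alternative to editing the Nginx configuration, shown as an added example that is not part of the comment above or of the project's code: keep the four Let's Encrypt file names and derive them from the `local.dev.crt` / `local.dev.key` pair, using the rule stated above that `fullchain.pem` is `cert.pem` followed by `chain.pem`. The helper names `pem_blocks` and `make_le_layout` are hypothetical, and using a copy of a self-signed certificate as `chain.pem` is an assumption (the certificate is its own issuer) whose only purpose is to give the configuration a non-empty file to load.

```sh
#!/bin/sh
# Added example: arrange a certificate/key pair under Let's Encrypt file names.
set -e

# Print PEM certificate blocks FIRST..LAST (1-based) from a bundle file.
pem_blocks() {
    awk -v first="$2" -v last="$3" '
        /^-----BEGIN CERTIFICATE-----/    { n++; inside = 1 }
        inside && n >= first && n <= last { print }
        /^-----END CERTIFICATE-----/      { inside = 0 }
    ' "$1"
}

# usage: make_le_layout CERT_OR_BUNDLE KEY OUTDIR   (hypothetical helper name)
make_le_layout() {
    le_crt=$1; le_key=$2; le_out=$3
    mkdir -p "$le_out"

    # cert.pem: the first certificate in the input (the server certificate).
    pem_blocks "$le_crt" 1 1 > "$le_out/cert.pem"
    if [ ! -s "$le_out/cert.pem" ]; then
        echo "no PEM certificate found in $le_crt" >&2
        return 1
    fi

    # chain.pem: every certificate after the first (the issuers).
    pem_blocks "$le_crt" 2 999 > "$le_out/chain.pem"
    # Self-signed input has no issuer certificates. Assumption: because the
    # certificate is its own issuer, a copy of it can stand in as chain.pem
    # so the file the Nginx config references exists and is not empty.
    [ -s "$le_out/chain.pem" ] || cp "$le_out/cert.pem" "$le_out/chain.pem"

    # fullchain.pem: all input certificates, server certificate first.
    pem_blocks "$le_crt" 1 999 > "$le_out/fullchain.pem"

    # privkey.pem: readable by the owner only.
    ( umask 077 && cp "$le_key" "$le_out/privkey.pem" )
    chmod 600 "$le_out/privkey.pem"
}

# Run when called with three arguments, for example:
#   sh le_layout.sh self_signed_certs/local.dev.crt self_signed_certs/local.dev.key out/
if [ "$#" -eq 3 ]; then
    make_le_layout "$1" "$2" "$3"
fi
```

The certificate produced by the `openssl req` command above carries no OCSP responder URL, so `chain.pem` here only satisfies the file reference; no stapling takes place.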
falconmick commented on Oct 3, 2018