Posts tagged with “self-signed”

One-liner OpenSSL Self-Signed Certificate? Yes, please

    $ openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout hixxxxxxxx.onion.key -out hixxxxxxxx.onion.crt

Stick it in your nginx configuration.

OCSP stapling is not required because the certificate is self-signed, so the stapling directives are commented out.

    ssl_certificate         /etc/ssl/certs/hixxxxxxxx.onion.crt;
    ssl_certificate_key     /etc/ssl/private/hixxxxxxxx.onion.key;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_tickets off;
    #ssl_stapling on;
    #ssl_stapling_verify on;
    #ssl_trusted_certificate /etc/blah/blah/blah.pem;
    resolver 127.0.0.1 8.8.8.8 valid=300s;
    resolver_timeout 2s;

We're good to go.
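
A non-interactive form of the one-liner, with a check that the certificate really is self-signed and belongs to the key before nginx is reloaded. This is an added example, not part of the original post; the function names, the optional key-size argument and the CN-only subject are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). NAME and BITS are placeholders
# chosen for illustration; the openssl req flags are those of the one-liner.

# make_selfsigned DIR NAME [BITS]: write DIR/NAME.key and DIR/NAME.crt, no prompts.
make_selfsigned() {
    ms_dir=$1; ms_name=$2; ms_bits=${3:-4096}
    (
        umask 077   # files created here are readable by their owner only
        openssl req -new -newkey "rsa:$ms_bits" -days 3650 -nodes -x509 \
            -subj "/CN=$ms_name" \
            -keyout "$ms_dir/$ms_name.key" -out "$ms_dir/$ms_name.crt" 2>/dev/null
    )
}

# spki_digest: SHA-256 of a PEM public key read from stdin.
spki_digest() { openssl dgst -sha256 | sed 's/^.*= *//'; }

# check_pair KEY CRT: succeed only if CRT is self-signed and holds KEY's public key.
check_pair() {
    cp_key=$1; cp_crt=$2
    cp_subj=$(openssl x509 -in "$cp_crt" -noout -subject | sed 's/^subject= *//')
    cp_iss=$(openssl x509 -in "$cp_crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$cp_subj" = "$cp_iss" ] || { echo "subject and issuer differ" >&2; return 1; }
    # The signature must verify under the certificate's own public key.
    openssl verify -CAfile "$cp_crt" "$cp_crt" >/dev/null 2>&1 ||
        { echo "self-signature does not verify" >&2; return 1; }
    cp_kpub=$(openssl pkey -in "$cp_key" -pubout 2>/dev/null | spki_digest)
    cp_cpub=$(openssl x509 -in "$cp_crt" -noout -pubkey | spki_digest)
    [ "$cp_kpub" = "$cp_cpub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
}

# Usage: sh selfsigned.sh DIR NAME
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" && check_pair "$1/$2.key" "$1/$2.crt" &&
        echo "ok: $1/$2.crt is self-signed and matches $1/$2.key"
fi
```

After copying the files to the paths used in the configuration above, `nginx -t` confirms that nginx can load them.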