[Windows] Using a self-signed certificate for HTTPS connection with Nginx

Intro

This time, I will create a self-signed public certificate to enable HTTPS connection with Nginx.

• Xubuntu + Nginx + Go(+ Pion/WebRTC) + Node.js

Creating a self-signed public certificate

Adding a custom domain

First, I add a custom domain into "C:\Windows\System32\drivers\etc\hosts" file.

hosts

 ... 127.0.0.1 goapp.sample.jp 

Creating a self-signed public certificate and exporting it

I create a self-signed public certificate by PowerShell(open as administrator).

 New-SelfSignedCertificate -DnsName goapp.sample.jp -Subject "CN=goapp.sample.jp" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256 

To export the certificate, I open "certlm.msc".
And I export it as "goappsample.pfx".

After exporting, I install it into "LocalMachine\Trusted Root Certification Authorities".

• Create a self-signed public certificate to authenticate your application - Microsoft Learn

Creating pem and key files

To use the certificate from Nginx, I create a pem file and a key file from "goappsample.pfx" by OpenSSL.
This time, I use a OpenSSL Light released by "Shining Light Productions".

• Win32/Win64 OpenSSL installer for Windows - Shining Light Productions

 openssl pkcs12 -in goappsample.pfx -clcerts -nokeys -out goappsample.pem openssl pkcs12 -in goappsample.pfx -nocerts -nodes -out goappsample.key 

Then I add them into a conf file of Nginx.

webappsample.conf

 server { listen 443 ssl; server_name goapp.sample.jp; ssl_certificate C:/Users/example/Documents/goappsample.pem; ssl_certificate_key C:/Users/example/Documents/goappsample.key; location / { root html; index index.html index.htm; } location /webrtc { proxy_pass http://localhost:8080; } }