Get the most out of your Centmin Mod LEMP stack
Become a Member

SSL Creating your own self signed SPDY/3.1 SSL certificates

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Oct 2, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    30,138
    6,778
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,128
    Local Time:
    2:03 PM
    Nginx 1.13.x
    MariaDB 5.5
    I've updated the official Centmin Mod Nginx SPDY SSL guide with instructions on how to create and generate your own self signed SSL certificates and setup SPDY/3.1 SSL on Centmin Mod Nginx vhost. This maybe needed if you want to use Cloudflare's free Universal SSL certificates and Full SSL option which requires your web host domain end to also be encrypted (via a self signed certificate or a fully paid SSL certificate setup).

    Specific links:

    Self Signed SSL Certificate Notes


    • Self signed certificates will be report as being invalid or untrusted within your web browsers and is only used for testing or private usage and not for public live web site usage.

      [​IMG]
    • The only situation in which it would be of use in a production live environment is if you intend to use Cloudflare's free Universal SSL certificates and Full SSL option which requires your web host domain end to also be encrypted (via a self signed certificate or a fully paid SSL certificate setup). Flexible SSL vs Full SSL. There's a 24-48+ hour delay from you switching on Cloudflare's free Universal SSL and having it properly setup, so for that 24-48+ hours, your web host when accessed via https wil also report as being invalid or untrusted within your web browsers so you shouldn't setup a forced http to https redirect until the Cloudflare Universal SSL is actually working.

    Auto Nginx Vhost SPDY/3.1 SSL Generator



    I've been working on a script which, nginxgen_ssl.sh which can automatically do all the manual work required to create the initial CSR file, private key and automatically generate the self signed SSL certificate and create the Centmin Mod Nginx formatted vhost *.conf file. The nginxgen_ssl.sh, it's still in beta testing and only Premium Users have access right now - they get first access to most new alpha/beta codes/features I intend to develop along with access to discounted cheaper commercial SSL certificates ;)

    The script supports 2 types of SSL certificates created with either:
    • The common RSA 2048 bit or RSA 4096 bit keys or
    • The better performing newer ECC 256 bit keys which allow better SSL performance and are more secure - equivalent to RSA 3072 bit. You can read about the differences at SSL - ECC 256 bit vs RSA 2048 bit SSL

    Example ECC 256 bit SSL certificate + ECDSA signatures



    I am testing the newer ECC 256 bit keys with ECDSA signatures on my test domain at sslspdy.com.
     
    Last edited: Oct 3, 2014
    • Like Like x 4