[Windows] Using a self-signed certificate for HTTPS connection with Nginx

Intro

This time, I will create a self-signed public certificate to enable HTTPS connection with Nginx.

• Xubuntu + Nginx + Go(+ Pion/WebRTC) + Node.js

Creating a self-signed public certificate

Adding a custom domain

First, I add a custom domain into "C:\Windows\System32\drivers\etc\hosts" file.

hosts

...
127.0.0.1 goapp.sample.jp

Creating a self-signed public certificate and exporting it

I create a self-signed public certificate by PowerShell(open as administrator).

New-SelfSignedCertificate -DnsName goapp.sample.jp -Subject "CN=goapp.sample.jp" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

To export the certificate, I open "certlm.msc".
And I export it as "goappsample.pfx".

After exporting, I install it into "LocalMachine\Trusted Root Certification Authorities".

• Create a self-signed public certificate to authenticate your application - Microsoft Learn

Creating pem and key files

To use the certificate from Nginx, I create a pem file and a key file from "goappsample.pfx" by OpenSSL.
This time, I use a OpenSSL Light released by "Shining Light Productions".

• Win32/Win64 OpenSSL installer for Windows - Shining Light Productions

openssl pkcs12 -in goappsample.pfx -clcerts -nokeys -out goappsample.pem

 openssl pkcs12 -in goappsample.pfx -nocerts -nodes -out goappsample.key

Then I add them into a conf file of Nginx.

webappsample.conf

server {
    listen  443 ssl;
    server_name goapp.sample.jp;
    ssl_certificate C:/Users/example/Documents/goappsample.pem;
    ssl_certificate_key C:/Users/example/Documents/goappsample.key;

    location / {
        root   html;
        index  index.html index.htm;
    }
    location /webrtc {
        proxy_pass http://localhost:8080;
    }
}