Currently our [turnkey-make-ssl-cert](https://github.com/turnkeylinux/turnkey-ssl/blob/master/turnkey-make-ssl-cert) script generates certificates with content like this:
```
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
```
However, at least newer versions of nginx expect self-signed certs to include "TRUSTED". I.e.:
```
-----BEGIN TRUSTED CERTIFICATE-----
[...]
-----END TRUSTED CERTIFICATE-----
```
I can confirm that manually making that change allows nginx to serve via https. My reading suggests that using the `-trustout` switch when calling `openssl` will automatically do that. E.g. (this is an example I found online):
```
openssl req -trustout -x509 -newkey rsa:4096 -sha256 -nodes -keyout privkey.pem -out fullchain.pem -days 3650
```
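To check which of the two labels a generated file actually carries, here is an added example (not part of the original issue or of the turnkey-ssl code). The helper names `pem_labels` and `pem_cert_kind` are hypothetical, only the BEGIN/END lines are read, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report the PEM label(s) used for certificates in a file.
# Base64 bodies are never decoded; only the BEGIN/END lines are inspected.

# Print the label of every PEM block in FILE, one per line.
# A BEGIN without a matching END, or an END whose label differs from its
# BEGIN, is reported as MALFORMED.
pem_labels() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (cur != "") print "MALFORMED"
            cur = $0
            sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
            next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            label = $0
            sub(/^-----END /, "", label); sub(/-----[ \t\r]*$/, "", label)
            print (label == cur ? label : "MALFORMED")
            cur = ""
            next
        }
        END { if (cur != "") print "MALFORMED" }
    ' "$1"
}

# Classify FILE as plain, trusted, mixed, malformed or none.
# Other block types (for example a private key in the same file) are ignored.
pem_cert_kind() {
    pem_labels "$1" | awk '
        $0 == "CERTIFICATE"         { plain++ }
        $0 == "TRUSTED CERTIFICATE" { trusted++ }
        $0 == "MALFORMED"           { bad++ }
        END {
            if (bad)                   print "malformed"
            else if (plain && trusted) print "mixed"
            else if (trusted)          print "trusted"
            else if (plain)            print "plain"
            else                       print "none"
        }'
}

# Constructed sample input: the body is a placeholder, not a real certificate.
demo=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo"
echo "sample file is: $(pem_cert_kind "$demo")"
rm -f "$demo"
```
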