Securing NGINX (Debian/Ubuntu)

Step 1 - Creating the Certificates

Creating the NGINX SSL/TLS Certificates

Elliptical Curves are as strong as RSA encryption, however; they have a smaller footprint and require less overhead for cpu/network topologies. When deployed in high traffic situations, any cost savings without compromising something is always welcome. You can choose to generate an RSA or EC certificate and you will be fine with either. For those who have special cases or a need for running both, this is possible and will be discussed in a future update to this document. To create the Certificates, please refer to the OpenSSL Tutorial or the Java Keytool Tutorial to create the CSR's and Certificates


Switch user and become sudo (root) or you will have to type sudo before most commands from this point forward

 sudo su