$ openssl req -x509 -nodes -days365-newkey rsa:2048-keyout ~/nginx-selfsigned.key -out ~/nginx-selfsigned.crtGenerating a 2048bit RSA privatekey.................................................................................................................................+++
........+++writing new privatekeyto'/home/tigergraph/nginx-selfsigned.key'-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Nameor a DN.There are quite a few fields but you can leave some blankFor some fields there will be a defaultvalue,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:USStateor Province Name (full name) [Some-State]:CaliforniaLocality Name (eg, city) []:Redwood CityOrganization Name (eg, company) [Internet Widgits Pty Ltd]:TigerGraph Inc.Organizational Unit Name (eg, section) []:GLE Common Name (e.g. server FQDN or YOUR name) []: my.ip.addr.numEmail Address []:engineer@tigergraph.com
$curlhttps://localhost:14240curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: noneMoredetailshere:http://curl.haxx.se/docs/sslcerts.htmlcurlperformsSSLcertificateverificationbydefault,usinga"bundle"ofCertificateAuthority (CA) public keys (CAcerts). If the defaultbundlefileisn't adequate, you can specify an alternate fileusing the --cacert option.If this HTTPS server uses a certificate signed by a CA represented inthe bundle, the certificate verification probably failed due to aproblem with the certificate (it might be expired, or the name mightnot match the domain name in the URL).If you'dliketoturnoffcurl's verification of the certificate, usethe -k (or --insecure) option.