Using SSL in nginx with IdentityServer4

In this article I will show you how to implement SSL/TLS in nginx on Windows in a comprehensive, step-by-step way.

0) Download & Install OpenSSL from: https://slproweb.com/products/Win32OpenSSL.html
1) Create an OpenSSL config file (example: req.cnf):
    [req]
    distinguished_name = req_distinguished_name
    x509_extensions = v3_req
    prompt = no

    [req_distinguished_name]
    C = US
    ST = VA
    L = SomeCity
    O = MyCompany
    OU = MyDivision
    CN = www.company.com

    [v3_req]
    keyUsage = critical, digitalSignature, keyAgreement
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = www.company.com
    DNS.2 = company.com
    DNS.3 = company.net
Create the certificate referencing this config file by running this command in cmd (on one line, because cmd does not treat a trailing backslash as a line continuation):
    openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout cert.key -out cert.crt -config req.cnf -sha256
(Ref: https://stackoverflow.com/questions/43665243/invalid-self-signed-ssl-cert-subject-alternative-name-missing)
2) Add the generated certificate to the operating system's list of trusted certificates by following the steps here:
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-temporary-certificates-for-use-during-development#installing-a-certificate-in-the-trusted-root-certification-authorities-store
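3) Configure nginx as follows:
    server {
        listen 80;
        listen 443 default_server ssl;
        # should be one of the names listed under [alt_names] in req.cnf
        server_name www.example.com;
        ssl_certificate     C:/path/to/cert.crt;   # placeholder: path to the certificate from step 1
        ssl_certificate_key C:/path/to/cert.key;   # placeholder: path to the private key from step 1
        # other directives
    }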
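4) In IdentityServer, place the code below in Configure in Startup.cs, before any other middleware:
    // requires: using Microsoft.AspNetCore.HttpOverrides;
    var forwardedHeaderOptions = new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    };
    // Clears the default (loopback-only) trust lists: the headers are then accepted from any sender
    forwardedHeaderOptions.KnownNetworks.Clear();
    forwardedHeaderOptions.KnownProxies.Clear();
    // Apply the options; later middleware then sees the forwarded scheme and client IP
    app.UseForwardedHeaders(forwardedHeaderOptions);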
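
A variant of step 4 that keeps the sender check by trusting only the nginx host. This is an added example, not code from the original article. The proxy address 10.0.0.5 and the Startup layout are assumptions to adapt to your deployment.

```csharp
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Assumption: the address nginx connects from. Replace with the real one.
    private static readonly IPAddress NginxProxy = IPAddress.Parse("10.0.0.5");

    public void ConfigureServices(IServiceCollection services)
    {
        // ... existing registrations (AddIdentityServer etc.) stay as they are ...

        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // The defaults trust loopback only (127.0.0.0/8 and ::1).
            // Replace them with the single proxy we expect; leaving both
            // lists empty would disable the sender check entirely.
            options.KnownNetworks.Clear();
            options.KnownProxies.Clear();
            options.KnownProxies.Add(NginxProxy);

            // Honour only the entry appended by nginx (1 is also the default),
            // so client-supplied values further left in X-Forwarded-For are ignored.
            options.ForwardLimit = 1;
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // First in the pipeline, so everything after it sees the original
        // scheme (https) and client IP instead of the proxy's.
        app.UseForwardedHeaders();

        // ... app.UseIdentityServer() and the rest of the existing pipeline ...
    }
}
```

If nginx and IdentityServer run on the same machine and nginx proxies to localhost, the default loopback entries already cover it and the two Clear() calls can be dropped. nginx also has to send the headers (proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; and proxy_set_header X-Forwarded-Proto $scheme;) for the middleware to have anything to read.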
