UPDATE: Alternative to Self Signed Certificate you can use free SSL certificate from Let's Encrypt CA. Here is a link to my next blog https://blog.kherwa.com/2017/06/18/how-to-get-free-ssl-certificate-for-your-domain/

This blog runs on open source software Ghost and is hosted on Amazon cloud EC2 service.

As admin section of your blog should be secure. It should run on HTTPS scheme, so that your passwords & other important data is encrypted before it is being sent through network.

What is a Self Signed Certificate?

Asymmetric cryptography works with two different keys. One of which is a public key and another is private key. You share your public key with everyone so that they can encrypt data with it, and on receipt of encrypted data you decrypt it with your private key. This makes communication between you and other person secure.

The public key mentioned above is called certificate. 

If the certificate is issued by a CA(Certificate Authority) ex. Verizon, Entrust, Symantec etc. its a public certificate.If you have generated your own certificate without a CA it is known as Self Signed Certificate.

How to generate a Self Signed Certificate

openssl req -x509 \
      -nodes -days 365 \
      -newkey rsa:2048 \
      -keyout YOUR_DOMAIN.key -out YOUR_DOMAIN.crt

openssl is a program for generating SSL certificates.
for more info OpenSSL.

You can view tutorial on how to use it:
Tutorial Here.

How to use Self Signed Certificate with Ghost

We will be using nginx HTTP and reverse proxy server on ubuntu 16.04.2 LTS. for more info visit: nginx.

Install NGINX

sudo apt-get install nginx

it will be installed at /etc/nginx, then create a directory ssl.

sudo mkdir /etc/nginx/ssl

Generate SSL certificate

sudo openssl req -x509 \
      -nodes -days 365 \
      -newkey rsa:2048 \
      -keyout /etc/nginx/ssl/YOUR_DOMAIN.key \
      -out /etc/nginx/ssl/YOUR_DOMAIN.crt

Command will prompt for your site information, most important is Comman Name fill it with your site fully qualified domain name.
For further reading visit Tutorial Here.

NGINX Configuration to use SSL with Ghost

server {
 listen 80;
 listen 443 ssl;
 server_name YOUR_DOMAIN.com;
 location / {
   proxy_set_header X-Forwarded-For 
   proxy_set_header Host $http_host;
   proxy_set_header X-Forwarded-Proto $scheme;

Restart NGINX

sudo service nginx restart

If you have not already configured nginx for Ghost,
visit this doc NGINX Config

SSL only for admin section of Ghost

Open Ghost configuration file

cd /var/www/ghost
sudo nano config.js


forceAdminSSL: true

make sure url parameter starts with http:// so that normal content on blog will be served on port 80, whereas admin section will bbe served on secure port 443 .

Amazon EC2

Just open port 443 in security group if you had not already opened it before.