How to Create and Install Self Signed Certificate in Apache
Abstract: Create a self-signed certificate for your domain using the following command. sudo mkdir -p /etc/pki/tls/certs443> ServerAdmin [email protected] Serve
SSL is useful for secure communication between user and web server. Certificate encrypt the data while traveling on public lines, So it will be secure from hackers. Self-signed certificates are free to use but do not use in the production environment where confidential data like a credit card, PayPal information are used. Click here to read more details about Self-signed certificates.
This how-to guide will help you to step by step create and install Self Signed Certificate in Apache server on Linux systems.
Step 1 – Install mod_ssl PackageIn order to set up a SSL certificate, make sure mod_ssl is installed on your system. If it’s not already installed, use the following command to install it. Also, install OpenSSL package to create the certificate.
sudo apt-get install openssl # Debian based systems sudo yum install mod_ssl openssl # Redhat / CentOS systems sudo dnf install mod_ssl openssl # Fedora 22+ systemsStep 2 – Create Self Signed Certificate
After installing mod_ssl and OpenSSL, Create a self-signed certificate for your domain using the following command.
sudo mkdir -p /etc/pki/tls/certs sudo cd /etc/pki/tls/certs
Now create SSL certificate
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout example.com.key -out example.com.crtOutput
Generating a 2048 bit RSA private key ....................................+++ ...................................+++ writing new private key to 'example.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: IN State or Province Name (full name) []: Delhi Locality Name (eg, city) [Default City]: Delhi Organization Name (eg, company) [Default Company Ltd]: TecAdmin Organizational Unit Name (eg, section) []: blog Common Name (eg, your name or your server's hostname) []: www.example.com Email Address []: [email protected]
The above command will create one ssl key file example.com.key and one certificate file example.com.crt in current directory.
Step 3 – Install Self Signed Certificate in ApacheNow you have self-signed SSL certificate and key file. Next to edit Apache SSL configuration file and edit/update as per following directives.
Apache VirtualHost Configuration <VirtualHost *:443> ServerAdmin [email protected] ServerName www.example.com ServerAlias example.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key </VirtualHost>1234567891011<VirtualHost *:443> ServerAdmin admin@example.com ServerName www.example.com ServerAlias example.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key</VirtualHost> Step 4 – Restart ApacheIf above command doesn’t show any error restart Apache service.
sudo systemctl restart apache2 # Debian based systems sudo systemctl restart httpd # Redhat based systemsStep 5 – Test Website with HTTPS
Finally, open your site in your favorite web browser using https. It required opening port 443 to access a site using https.
https://www.example.com
As we are using a self-signed certificate, you will get a warning message in your browser. You can simply ignore this message using below steps
Firefox User: Expand I Understand the Risks >> Click Add Exception >> Click Confirm Security Exception.
Chrome User: Click Proceed anyway button.
IE Users: Click Continue to this website (not recommended) link.
