How To Create SSL Certificate with Apache2 on Ubuntu 14.04

In this guide we will show you how to create self-signed SSL certificate with Apache2 on Ubuntu 14.04. First of all we must have Apache2 installed. If you do not have Apache2 installed yet you can check this guide How to install Apache2.

After we have Apache2 installed the next thing we shoud do is:

Step 1: Activate the SSL Module.

To enable the module just type in your terminal the following command:

sudo a2enmod ssl

Now we have the module enabled, but in order to make the changes go live we have to restart our web server with the following command:

sudo service apache2 restart

 

Step 2: Create a Self-Signed Certificate.

We can start by creating the directory where we will create our self-signed certificate by running the following command:

sudo mkdir /etc/apache2/ssl-certificate

Now as we created the directory where we will place our key and certificate we have to create them. We can do the creation of both with one single command looking like that:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl-certificate/apache.key -out /etc/apache2/ssl-certificate/apache.crt

Now press "ENTER" and you'll be asked to answer questions looking like this:

Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:Berlin
Locality Name (eg, city) []:Berlin United
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Department of Dogs
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:[email protected]

When you are ready the key and the certificate will be placed in /etc/apache2/ssl-certificate/

Step 3: Configure Apache to use our SSL Certificate.

Now as we have our certificate and key created, we have to configure Apache to use them for our website.

To start configurating run this command:

sudo nano /etc/apache2/sites-available/default-ssl.conf

You should see something like this:

    
        ServerAdmin [email protected]
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch ".(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        
        
                        SSLOptions +StdEnvVars
        
        BrowserMatch "MSIE [2-6]" 
                        nokeepalive ssl-unclean-shutdown 
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    

You have to edit the file so at the end it should look like this:

    
        ServerAdmin [email protected]
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl-certificate/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl-certificate/apache.key
        <FilesMatch ".(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        
        
                        SSLOptions +StdEnvVars
        
        BrowserMatch "MSIE [2-6]" 
                        nokeepalive ssl-unclean-shutdown 
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    

Save and exit the file.

 

Step 4: Activate the SSL Configuration and Test it!

To enable the new configuration just run this command:

sudo a2ensite default-ssl.conf

Then to make changes go live run this command:

sudo service apache2 restart

With this done we must be ready and now we have to test if the changes are applied. To do so just try to open your website with the HTTPS.

https://yourdomain.com

When you enter your domain with HTTPS you will see something like this:

This is expected since we have self-signed our certificate. While our certificate will not validate our server for our users because it has had no interaction with a trusted certificate authority, it will still be able to encrypt communication.

 

Since this is expected, you can hit the "Proceed anyway" button or whatever similar option you have in your browser.

 

Congratulations!

You have successfuly created a Self-Signed SSL certificate!

In addition if you want to purchase a trusted certificate you can use the same key as you used here.

Kind regards!

Share this post

Comments (0)

    There are no comments to this topic yet.


To post comments you must have account with VivasHost! To create an Account you must purchase any service you want.

Take a look at our VPS - Virtual Private Servers or our Dedicated Servers.