SSL stands for Secure Sockets Layer. An SSL certificate lets the server encrypt the data sent to and received from the client, so that nobody in the middle can read it. Intercepting traffic this way is commonly known as a man-in-the-middle attack.
In this tutorial, we will create a self-signed SSL certificate for Apache. While using a self-signed SSL certificate is secure and encrypts the data between the server and the client, we highly suggest that you purchase an SSL certificate from a trusted SSL certificate provider.
If you don't already have Apache installed, you can install it on Ubuntu with apt-get using the following commands.
# sudo apt-get update
# sudo apt-get install apache2
The Apache web server comes with an SSL module. We can enable the module and restart Apache using the commands:
# sudo a2enmod ssl
# sudo service apache2 restart
First, we need to create a directory to store the SSL certificates.
# sudo mkdir /etc/apache2/ssl
Now we will use the OpenSSL package that comes pre-installed with Ubuntu 15.04 to create the SSL certificates.
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
The above command will generate a 2048-bit private key and an SSL certificate that will be valid for 365 days.
Now you will be asked to answer a few questions. It is important that you set the Common Name option appropriately: enter your domain name, or the public IP address if you do not have a domain.
We need to edit the default SSL configuration for Apache to use the certificate we generated. In this tutorial we will use vim to edit the configuration file; you can use your preferred text editor instead.
# sudo vim /etc/apache2/sites-available/default-ssl.conf
Edit or add the following lines, replacing the values with your own details.
ServerAdmin firstname.lastname@example.org
ServerName yourdomain.com
ServerAlias www.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Now save and exit when you are done editing the file.
Now we can activate the default-ssl virtual host by using the following command.
# sudo a2ensite default-ssl.conf
Now restart Apache to load the new virtual host:
# sudo service apache2 restart
All done! Now you can visit your site using the following URL:
Make sure that you allow the HTTPS protocol and port 443 if you are using a firewall.
You will get a warning saying the security certificate is not trusted, since we self-signed the SSL certificate. Click the continue or proceed anyway button to continue to your website.
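The certificate step above, as an added example that is not part of the original tutorial: it runs the same openssl req command non-interactively, adds a subjectAltName (current browsers match the host name against that field rather than the Common Name), keeps the private key readable by its owner only, and checks the result. It assumes OpenSSL 1.1.1 or later for -addext; the function names are hypothetical and yourdomain.com is the tutorial's placeholder.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical; yourdomain.com is the tutorial's placeholder domain.
# Assumes OpenSSL 1.1.1 or later, which introduced "req -addext".

# make_cert DIR DOMAIN
# Same key type and lifetime as the tutorial's command, but non-interactive
# (-subj) and with a subjectAltName listing both host names.
make_cert() {
    dir=$1
    domain=$2
    (
        umask 077   # files created below are readable by their owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/CN=$domain" \
            -addext "subjectAltName=DNS:$domain,DNS:www.$domain" \
            -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null
    ) || return 1
    # The private key stays owner-only; the certificate is public data.
    chmod 600 "$dir/apache.key" && chmod 644 "$dir/apache.crt"
}

# cert_matches_key CRT KEY
# Succeeds only if the certificate carries the public half of KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host CRT HOSTNAME
# Succeeds only if HOSTNAME passes OpenSSL's own host name check.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# cert_valid_for CRT DAYS
# Succeeds only if the certificate is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage with the tutorial's paths (run as root):
#   make_cert /etc/apache2/ssl yourdomain.com
#   cert_matches_key /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key
```

Running cert_matches_key before restarting Apache catches a certificate and key that do not belong together, and cert_valid_for can be scheduled to warn before the 365 days run out.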