Create a Self Signed SSL Certificate on Apache for Ubuntu 14.04

SSL Self Signed Apache Ubuntu Certificate Security OpenSSL


SSL stands for Secure Sockets Layer. An SSL certificate encrypts the data that is sent and received by the client without the possibility of someone reading the data in the middle, mostly known as man in the middle attack.

In this tutorial, we will create a self-signed SSL certificate for Apache. While using a self-signed SSL certificate is secure and encrypts the data between the server and the client, we highly suggest that you purchase an SSL certificate from a trusted SSL certificate provider.

Installing Apache and SSL module

If you don't already have Apache installed, you can use the following command to install apache using Ubuntu Apt-get.

# sudo apt-get update
# sudo apt-get install apache2

Apache web server comes with an SSL module, we can enable the SSL module using the command:

# sudo a2enmod ssl
# sudo service apache2 restart

Generating the SSL Certificate

First, we need to create a directory to store the SSL certificates.

# sudo mkdir /etc/apache2/ssl

Now we will use the OpenSSL package that comes pre-installed with Ubuntu 14.04 to create the SSL certificates.

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The above command will generate a 2048-bit private key and an SSL certificate that will be valid for 365 days.

Now you will be asked to answer few questions. It is important that you set the Common Name option appropriately, you need to enter the domain name or the public IP address if you do not have a domain.

Configuring Apache

We need to edit the default SSL configuration for apache to use the certificate we generated. In this tutorial we will use vim to edit the configuration file, you can use your preferred text editor to edit the file below. 

# sudo vim /etc/apache2/sites-available/default-ssl.conf

Edit or add the following lines and replace it using your own details.


SLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Now save and exit when you are done editing the file.

Activating the SSL Virtual Host

Now we can activate default-ssl virtual host by using the following command. 

# sudo a2ensite default-ssl.conf

Now restart Apache to load the new virtual host:

# sudo service apache2 restart

All done! Now you can visit your site using the following URL:

You will get a warning saying the security certificate is not trusted since we self-signed the SSL certificate, click continue or proceed anyway button to continue to your website.

    No comments found for this tutorial, be the first to leave a comment!

Last updated on
Jun 11, 2015