SSL certificates are commonly used to establish a secure connection between your web server and its visitors. With an SSL certificate you can encrypt the connection to your website. You can purchase an SSL certificate from your web hosting company, which typically resells offerings from premium vendors such as Verisign and GeoTrust.
In this article I will show how you can generate a self-signed SSL certificate for your website.
Set Up a Self-Signed SSL Certificate on Apache
I assume Apache and OpenSSL are already installed on your server. Follow the steps below to set up a self-signed SSL certificate for Apache.
Step #1 : Generate Your Apache Self Signed Certificate
First of all, generate your Apache self-signed certificate using the command below.
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt
You will see output like the following:
Generating a 2048 bit RSA private key
..............................+++
................................................................+++
writing new private key to 'mydomain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :DL
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:looklinux
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :www.mydomain.com
Email Address :
You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com). You can leave the email address, challenge password, and optional company name blank. When the command finishes, it will have created two files: the private key mydomain.key and the self-signed certificate mydomain.crt, which is valid for 365 days.
# ls -l
-rw-r--r-- 1 root root 1326 Dec 26 09:43 mydomain.crt
-rw-r--r-- 1 root root 1704 Dec 26 09:43 mydomain.key
Step #2 : Install Your Self Signed Certificate
Next, you will need to configure your Apache virtual host section to use the SSL certificate. If you have only one Apache virtual host to secure, edit the ssl.conf file. If you have more than one Apache virtual host on your server, make a copy of the existing non-secure virtual host, change the port from 80 to 443, and enable the certificate as shown below.
<VirtualHost *:443>
    ServerName www.mydomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/httpd/mydomain.crt
    SSLCertificateKeyFile /etc/httpd/mydomain.key
</VirtualHost>
Step #3 : Restart Apache Service
Now restart the Apache service to apply the above changes.
# service httpd restart
Step #4 : Check the Apache Self Signed Certificate Installation
To check the Apache self-signed certificate installation, go to the website in your web browser using https in the address bar (https://www.mydomain.com) and verify that the certificate is being served by clicking the certificate icon (after clicking through the warnings).
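The files from Step #1 can also be checked from the shell before Apache is pointed at them. The script below is an added example, not part of the original article. make_selfsigned and audit_pair are hypothetical helper names, and -subj is used so the certificate is generated without prompts.

```shell
# Added example (not from the article): audit a cert/key pair for Apache.
# make_selfsigned and audit_pair are hypothetical helper names.

# Non-interactive form of the article's command: -subj supplies the DN, so
# no prompts appear. Builds constructed sample input in directory $1.
make_selfsigned() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/mydomain.key" -out "$1/mydomain.crt" 2>/dev/null
}

# audit_pair CRT KEY HOST: prints findings, returns 0 only if every check passes.
audit_pair() {
    crt=$1 key=$2 host=$3 rc=0

    # 1. The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: key does not match certificate"; rc=1
    fi

    # 2. The certificate must not be expired (valid 0 seconds from now).
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable"; rc=1; }

    # 3. The certificate name must match the ServerName Apache will serve.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "FAIL: certificate does not cover $host"; rc=1; }

    # 4. -nodes leaves the key unencrypted on disk, so group/other must have
    #    no access (characters 5-10 of ls -l are the group and other bits).
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group/other"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $crt and $key are consistent for $host"
    return "$rc"
}

# Demo on constructed input in a throwaway directory.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" www.mydomain.com
chmod 600 "$demo_dir/mydomain.key"
audit_pair "$demo_dir/mydomain.crt" "$demo_dir/mydomain.key" www.mydomain.com
rm -rf "$demo_dir"
```

Run against the listing shown in Step #1, check 4 would fail, because mydomain.key there is mode -rw-r--r--; chmod 600 on the key clears it.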