How to Setup Self Signed SSL Certificate on Apache

Written by Santosh Prasad

SSL certificate are commonly used to establish a secure connection between your web server and visitor. Using SSL certificate you can encrypt the connection to your website. You can purchase SSL certificate to secure your website from your web hosting company who sell offering from premium vendors such as Verisign, GeoTrust and etc.

In this article I will show how you can generate self signed SSL certificate for your website.

Setup Selfsign SSL Certificate on Apache

I assume you have apache and open SSL has been installed on your server. Follow the below steps to setup self signed SSL certificate for Apache.

Step #1 : Generate Your Apache Self Signed Certificate

First of all, generate your Apache self signed certificate using below command.

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt

You will get below output:

Generating a 2048 bit RSA private key
writing new private key to 'mydomain.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:DL
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:looklinux
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.mydomain.com
Email Address []:

You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com). You can leave the email address, challenge password, and optional company name blank. When the command is finished running, it will create two files: a mydomain.key file and a mydomain.crt self signed certificate file valid for 365 days.

# ls -l 
-rw-r--r-- 1 root      root         1326 Dec 26 09:43 mydomain.crt
-rw-r--r-- 1 root      root         1704 Dec 26 09:43 mydomain.key

Step #2 : Install Your Self Signed Certificate

Next, you will need to configure your apache virtualhost section to use the SSL certificate. If you have only one apache virtualhost host to secure edit ssl.conf file. If you more then one apache virtualhost on your server then copy of the existing non-seucre virtualhost and change the port from 80 to 443 and enable the certificate as shown below.

<VirtualHost *:443>

ServerName www.mydomain.com
DocumentRoot /var/www/html

SSEngine on
SSLCertificateFile /etc/httpd/mydomain.crt
SSLCertificateKeyFile /etc/httpd/mydomain.key


Step #3 : Restart Apache Service

Now restart the apache service to apply the above changes.

# service httpd restart

Step #4 : Check the Apache Self Signed Certificate Installation

To check the Apache self signed certificate installation just go to the website in your web browser using https in the address bar (https://www.mydomain.com) and verify that the certificate is being given out by the server by clicking the certificate icon (after clicking through the warnings).

Thank you! for visiting Look Linux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website www.looklinux.com. To become an author at Look Linux Submit Article. Stay connected to Facebook.

About the author


Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Leave a Comment