Create a Self-Signed SSL Certificate for Apache2 HTTP in Ubuntu 18.04

Create a Self-Signed SSL Certificate for Apache2 HTTP in Ubuntu 18.04

Today this article is all about, “Create a Self-Signed SSL Certificate for Apache2 HTTP in Ubuntu 18.04”.

You don’t need publicly signed SSL/TLS certificates. However, recently I am working on one of my projects, and in that project, I need to work with a webcam. In that scenario, I need SSL/TLS certificates during internal testing in development environments.

I have only one option is to use self-signed certificates…

It’s a mechanism that allows private communication between two network devices. It creates a secure connection between web server and web clients and many others network services…

There are two types of certificates: A public and private certificates…

On a website, we are using public certificates and for internally private or self-signed for testing purpose.

STEP 1: Install APACHE2 HTTP Server

If you don’t have APACHE2 HTTP installed, Simply type below command in your terminal. This command helps you to install APACHE2 HTTP server on Ubuntu 18.04.

sudo apt update
sudo apt install apache2

Step 2: Creating Self-Signed Certificates

When you can’t install or afford trusted certificates from a certificate authority, you may get by with self-signed certificates. Both trusted, and self-signed certificates are the same and use the same protocols… the only difference is, one is trusted by a third party, and the other is not.

When you’re ready, run the commands below to generate the private server key as well as the self-signed SSL/TLS certificate for the chiragpatel.com domain… you’ll be using.

Note: chiragpatel.com is my server name

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/chiragpatel.com.key -out /etc/ssl/certs/chiragpatel.com.crt

After running the commands above, you’ll be prompted to answer a few questions about the certificate you’re generating… answer them and complete the process.

Note: change red text according to your preferences

Generating a 2048 bit RSA private key
........+++
.....................+++
writing new private key to 'mydomain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:<span style="color: #ff0000;">IN</span>
State or Province Name (full name) [Some-State]:<span style="color: #ff0000;">Gujarat</span>
Locality Name (eg, city) []:<span style="color: #ff0000;">Vadodara</span>
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company
Organizational Unit Name (eg, section) []:SSL Unit
Common Name (e.g. server FQDN or YOUR name) []:<span style="color: #ff0000;">chiragpatel.com</span>
Email Address []:<span style="color: #ff0000;">[email protected]</span>

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: LEAVE BLANK
An optional company name []:

Step 3: Installing The Certificates

After generating the certificate, the next step will be to install it on an Apache2 server. To do that, open Apache2 SSL/TLS config file in Ubuntu and add the highlighted lines below…

sudo nano /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
 <VirtualHost _default_:443>       
                ServerAdmin [email protected]
                ServerName <span style="color: #ff0000;">chiragpatel.com</span>
                ServerAlias <span style="color: #ff0000;">www.chiragpatel.com</span>
                DocumentRoot <span style="color: #ff0000;">/workspace/chiragpatel</span>

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/<span style="color: #ff0000;">chiragpatel</span>.com.crt
                SSLCertificateKeyFile   /etc/ssl/private/<span style="color: #ff0000;">chiragpatel</span>.com.key
                #
                #SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

 </VirtualHost>
</IfModule>

Save and close it.

Next, open Apache2 default site config file and make sure the domain name is defined.

sudo nano /etc/apache2/sites-available/000-default.conf

Or else you can create the separate file.

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        
        ServerName <span style="color: #ff0000;">chiragpatel.com</span>
        ServerAlias <span style="color: #ff0000;">www.chiragpatel.com</span>

        ServerAdmin <span style="color: #ff0000;">[email protected]</span>
        DocumentRoot <span style="color: #ff0000;">/workspace/chiragpatel</span>
</VirtualHost>
sudo apachectl configtest
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo systemctl restart apache2.service

or 

sudo service apache2 restart

You will see, follow the instaructions,

Create a Self-Signed SSL Certificate for Apache2 HTTP in Ubuntu 18.04
Create a Self-Signed SSL Certificate for Apache2 HTTP in Ubuntu 18.04

Step 4: Redirect

Open,

sudo vim /etc/apache2/sites-available/000-default.conf

Add below a line,

<VirtualHost *:80>
        . . .

        Redirect permanent "/" "https://<span style="color: #ff0000;">chiragpatel.com</span>/"

        . . .
</VirtualHost>

Save and close the file.

Restart Apache2 and check again.

sudo systemctl restart apache2

That’s it. cheers. Happy Coding!

Adam Brown
Please follow and like us:

Leave a Comment