Creating a Self-Signed SSL Certificate on Ubuntu
This article walks you through installing a self-signed certificate. Self-signed certificates are great for testing your application's SSL dependencies in your development environment. For a production site, replace the self-signing directions with the directions supplied by your SSL vendor. I like to start by creating an SSL directory under /etc/apache2. From there it’s a matter of creating the certificate files and telling your site configuration where to find them.
sudo mkdir -p /etc/apache2/ssl && cd /etc/apache2/ssl
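Create the self-signed certificate. The -out and -keyout options point at the same file, so apache.pem will hold both the private key and the certificate.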
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
You will be prompted for the certificate's subject details, the same questions asked for a certificate signing request (CSR). Since this is a self-signed certificate used in a non-production environment, you can leave most of them blank or enter anything you want. I answered with the following:
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: IL
Locality Name (eg, city) []: Chicago
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Org
Organizational Unit Name (eg, section) []: My Unit
Common Name (eg, YOUR name) []: example.com
Email Address []: webmaster@example.com
You may be asked some challenge questions; leave these blank.
A challenge password []:
An optional company name []:
Now we need to tell the server that a specific site can use the certificate. For the sake of argument we will just configure the default-ssl setup.
sudo vim /etc/apache2/sites-available/default-ssl
Find and comment out the following lines
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Find the following line
SSLEngine on
And add the following right below it
# Use our self-signed certificate by default
SSLCertificateFile /etc/apache2/ssl/apache.pem
You should now have the following
SSLEngine on
# Use our self-signed certificate by default
SSLCertificateFile /etc/apache2/ssl/apache.pem
Now (re)load the SSL site configuration and restart Apache
sudo a2dissite default-ssl
sudo service apache2 restart
sudo a2ensite default-ssl
sudo service apache2 restart
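Because apache.pem holds the private key as well as the certificate, it is worth checking the file before pointing Apache at it. The script below is an added example, not part of the original article: it confirms that both PEM blocks are present, that the key and certificate belong together, that the certificate has not expired, and that the file is not accessible to group or other. The function names, the temporary sample generator and its -subj and -newkey options are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM file.

# Build a throwaway combined PEM the way the article does, but non-interactively
# (-subj) and inside a caller-supplied directory. Constructed sample data.
make_sample_pem() {
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj "/C=US/ST=IL/L=Chicago/O=My Org/CN=example.com" \
        -out "$1/apache.pem" -keyout "$1/apache.pem" 2>/dev/null
}

# check_combined_pem FILE: print each problem found; return 0 only if none.
check_combined_pem() {
    f=$1; rc=0
    # 1. Both PEM blocks must be present in the one file.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" || { echo "no private key in $f"; rc=1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || { echo "no certificate in $f"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    # 2. The certificate's public key must be the one derived from the private key.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$f" -pubout 2>/dev/null) || key_pub=
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "key and certificate do not match"; rc=1; }
    # 3. The certificate must not already be expired (the article issues it for 365 days).
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; rc=1; }
    # 4. The file contains a private key: group/other permission bits must all be clear.
    [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] ||
        { echo "$f is accessible to group/other"; rc=1; }
    return "$rc"
}

# Stand-alone use: sh check_pem.sh /etc/apache2/ssl/apache.pem
if [ "$#" -gt 0 ]; then
    check_combined_pem "$1"
fi
```

If the permission check fails, sudo chmod 600 /etc/apache2/ssl/apache.pem restricts the file to root.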