This article will walk you through installing self-signed certificate. Self-signed certificates are great for testing your applications SSL dependiencies in yout development environment. For a production site, replace the self signing directions with the directions supplied to you by your SSL vendor. I like to start by creating an SSL directory under /etc/apache2. From here it's a matter of creating the certificate files and telling your site configuration where to find them.
mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
Create the self-signed certificate.
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
You will need to complete a certificate signing request (CSR). You will be asked several questions, since this is a self signed certificate, used in a non-production environment, you can just leave most of them blank or enter anything you want. I answered with the following
Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: IL Locality Name (eg, city) : Chicago Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Org Organizational Unit Name (eg, section) : My Unit Common Name (eg, YOUR name) : example.com Email Address : firstname.lastname@example.org
You may be asked some challenge questions, leave these blank.
A challenge password : An optional company name :
Now we need to tell the server that a specific site can use the certificate. For the sake of argument we will just configure the default-ssl setup.
Find and comment out the following lines
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Find the following line
And add the following right below it
# Use our self-signed certificate by default SSLCertificateFile /etc/apache2/ssl/apache.pem
You should now have the following
SSLEngine on # Use our self-signed certificate by default SSLCertificateFile /etc/apache2/ssl/apache.pem
Now (re)load the ssl site configuration and restart Apache
a2dissite default-ssl service apache2 restart a2ensite default-ssl service apache2 restart