Creating a Self-Signed SSL Certificate on Ubuntu

This article will walk you through installing self-signed certificate. Self-signed certificates are great for testing your applications SSL dependiencies in yout development environment. For a production site, replace the self signing directions with the directions supplied to you by your SSL vendor. I like to start by creating an SSL directory under /etc/apache2. From here it's a matter of creating the certificate files and telling your site configuration where to find them.

mkdir /etc/apache2/ssl && cd /etc/apache2/ssl

Create the self-signed certificate.

sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

You will need to complete a certificate signing request (CSR). You will be asked several questions, since this is a self signed certificate, used in a non-production environment, you can just leave most of them blank or enter anything you want. I answered with the following

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: IL
Locality Name (eg, city) []: Chicago
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My Org
Organizational Unit Name (eg, section) []: My Unit
Common Name (eg, YOUR name) []:
Email Address []: [email protected]

You may be asked some challenge questions, leave these blank.

A challenge password []:
An optional company name []:

Now we need to tell the server that a specific site can use the certificate. For the sake of argument we will just configure the default-ssl setup.

vim /etc/apache2/sites-available/default-ssl

Find and comment out the following lines

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Find the following line

SSLEngine on

And add the following right below it

# Use our self-signed certificate by default
SSLCertificateFile /etc/apache2/ssl/apache.pem

You should now have the following

SSLEngine on

# Use our self-signed certificate by default
SSLCertificateFile /etc/apache2/ssl/apache.pem

Now (re)load the ssl site configuration and restart Apache

a2dissite default-ssl
service apache2 restart

a2ensite default-ssl
service apache2 restart