3

I want to install self-signed SSL certificate on apache web server step by step.

Kartik Agarwal
  • 675
  • 6
  • 13
  • 1
    Have you already checked this out? [How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04) – Valentin Bauer Nov 13 '17 at 08:13
  • See https://help.ubuntu.com/lts/serverguide/certificates-and-security.html#creating-a-self-signed-certificate . post if you have a specific question about a specific step – Panther Nov 13 '17 at 08:26
  • you can find details in my answer – shivraj singh Nov 14 '17 at 06:53
  • Possible duplicate of [When does Ubuntu 16.04 use /etc/apache2/ssl/apache.crt?](https://askubuntu.com/questions/900400/when-does-ubuntu-16-04-use-etc-apache2-ssl-apache-crt). Also this one could be helpful: [How do you set up SSL certificates for additional ports in Apache?](https://askubuntu.com/questions/950815/how-do-you-set-up-ssl-certificates-for-additional-ports-in-apache?noredirect=1&lq=1) – pa4080 Nov 14 '17 at 07:20

1 Answers1

3

Follow below command for SSL in Ubuntu 16.04

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

Output:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:server_IP_address
Email Address []:admin@your_domain.com

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Modify the Default Apache SSL Virtual Host File:

sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

$ cat /etc/apache2/sites-available/default-ssl.conf

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost

                DocumentRoot /var/www/html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                # BrowserMatch "MSIE [2-6]" \
                #               nokeepalive ssl-unclean-shutdown \
                #               downgrade-1.0 force-response-1.0

        </VirtualHost>
</IfModule>
pa4080
  • 29,351
  • 10
  • 85
  • 161
shivraj singh
  • 187
  • 1
  • 10