Create your own self signed certificate and enable SSL (Ubuntu)

September 28, 2008

1. Switch to root

sudo su

2. Install package

apt-get install openssl

3. Make directory

mkdir /etc/apache2/ssl

4. Create certificate (For common name you can use *.example.org to allow all subdomains)

RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes \
-out /etc/apache2/ssl/apache.pem \
-keyout /etc/apache2/ssl/apache.pem

5. Set permissions

chmod 600 /etc/apache2/ssl/apache.pem

6. Copy default config

cd /etc/apache2/sites-available/
cp default ssl

7. Open ssl …

sudo nano ssl

…and replace top of the file with:

NameVirtualHost *:443
<VirtualHost *:443>
 SSLEngine On
 SSLCertificateFile /etc/apache2/ssl/apache.pem

8. Enabled conf

a2ensite ssl

9. Enable mod

a2enmod ssl

10. Restart apache

/etc/init.d/apache2 restart

If you go the domain with https:// in Firefox you should be told “The certificate is not trusted because it is self signed.”, then add an exception to allow it.

1 year ago

Phil Dawson

phil has a blog - Create your own self signed certificate and enable SSL (Ubuntu)

Create your own self signed certificate and enable SSL (Ubuntu)