How to create and install a self-signed certificate in Apache

SSL is useful for secure communication between users and web servers. The certificate encrypts the data as it travels over public wires so that it is not vulnerable to hackers. Self-signed certificates are free to use, but are not used in production environments, such as when using confidential data such as credit card or Paypal information. This article will introduce you to creating and installing a self-signed certificate in the Apache server on a Linux system.

Step 1: Install mod_ssl package

To set up an SSL certificate, make sure mod_ssl is installed on your system. If it is not installed yet, you need to use the following command to install it. Additionally, install the openssl package to create the certificate.

$ sudo apt-get install openssl          # Debian based systems 
$ sudo yum install mod_ssl openssl      # Redhat / CentOS systems 
$ sudo dnf install mod_ssl openssl      # Fedora 22+ systems

Step 2: Create a self-signed certificate

After installing mod_ssl and openssl, use the following command to create a self-signed certificate for your domain.

$ sudo mkdir -p /etc/pki/tls/certs
$ sudo cd /etc/pki/tls/certs

Now create the SSL certificate

$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout example.com.key -out example.com.crt

Output

Generating a 2048 bit RSA private key
....................................+++
...................................+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: IN
State or Province Name (full name) []: Delhi
Locality Name (eg, city) [Default City]: Delhi
Organization Name (eg, company) [Default Company Ltd]: TecAdmin
Organizational Unit Name (eg, section) []: blog
Common Name (eg, your name or your server's hostname) []: www.example.com
Email Address []: admin@example.com

The above command will create an ssl key file example.com.key and a certificate file example in the current directory .com.crt.

Step 3: Install the self-signed certificate in Apache

Now you have the self-signed SSL certificate and key file. Next edit the Apache SSL configuration file and follow the instructions below to edit/update it.

Apache virtual host configuration:

<VirtualHost _default_:443>
    ServerAdmin admin@example.com
    ServerName www.example.com
    ServerAlias example.com

    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key
</VirtualHost>

Step 4: Restart Apache

If the above command does not show any errors, please restart the Apache service.

$ sudo systemctl restart apache2       # Debian based systems   
$ sudo systemctl restart httpd         # Redhat based systems

Step 5: Test the website using https

Finally, open your site in your web browser using https. It requires port 443 to be opened to access the site using HTTPS.

 https://www.example.com

When we use a self-signed certificate, you will receive a warning message in your browser, just ignore this message.

The above is the detailed content of How to create and install a self-signed certificate in Apache. For more information, please follow other related articles on the PHP Chinese website!