This how-to guide walks you step by step through creating and installing a self-signed certificate on an Apache server on Linux systems.
sudo apt-get install openssl # Debian based systems
sudo yum install mod_ssl openssl # Redhat / CentOS systems
sudo dnf install mod_ssl openssl # Fedora 22+ systems
Step 2 – Create Self Signed Certificate (please change to your domain name 🙂)
Now create the SSL certificate. Change the name “apache” to your site name if you plan on multiple sites. OpenSSL will ask you for some information about your organization. You can leave most of this blank, but the one field you need to fill out is the “Common Name,” which should be set to your server’s IP address or domain name.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache.key -out /etc/ssl/certs/apache.crt
Output:
Generating a RSA private key
.............................+++++
......+++++
writing new private key to 'apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:TX
Locality Name (eg, city) []:Austin
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Apache
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:apache.com
Email Address []:user@localhost
We’ll also want to generate a Diffie-Hellman group. This is used for perfect forward secrecy, which generates ephemeral session keys to ensure that past communications cannot be decrypted if the session key is compromised.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
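A way to check the Step 2 certificate and key before Apache is pointed at them, as an added example that is not part of the original guide. The host example.test, the function names make_cert and check_pair, and the scratch directory are assumptions; `-addext` needs OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example. example.test, make_cert and check_pair are illustrative names.

# make_cert DIR HOST: Step 2 without prompts, plus a subjectAltName entry,
# which is what current browsers match the hostname against.
make_cert() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null &&
    chmod 600 "$1/apache.key"
}

# check_pair CRT KEY HOST: returns 0 only if all four checks pass.
check_pair() {
    local crt=$1 key=$2 host=$3 rc=0
    # 1. Same public key in both files; mod_ssl rejects a mismatched pair.
    if [ "$(openssl x509 -noout -pubkey -in "$crt")" != \
         "$(openssl pkey -pubout -in "$key" 2>/dev/null)" ]; then
        echo "FAIL: key does not belong to certificate"; rc=1
    fi
    # 2. Still valid 30 days from now (the guide issues for 365 days).
    openssl x509 -noout -checkend $((30 * 86400)) -in "$crt" >/dev/null ||
        { echo "FAIL: certificate expires within 30 days"; rc=1; }
    # 3. Certificate covers the name the VirtualHost serves.
    openssl x509 -noout -checkhost "$host" -in "$crt" | grep -q "does match" ||
        { echo "FAIL: certificate does not cover $host"; rc=1; }
    # 4. No group/other permission bits on the private key.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    return $rc
}

# Demo in a scratch directory so nothing under /etc/ssl is touched.
demo=$(mktemp -d)
make_cert "$demo" example.test &&
    check_pair "$demo/apache.crt" "$demo/apache.key" example.test &&
    echo "all checks passed"
rm -rf "$demo"
```

Run `check_pair` against the real files from Step 2 with sudo, since the private key is readable by root only.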
Step 3 – Configure Apache to Use Your Self-Signed Certificate
Edit the Apache SSL configuration so that it uses the following directives.
Add a snippet file:
sudo touch /etc/apache2/conf-available/ssl-params.conf
Add the following to it:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
Apache VirtualHost Configuration
<VirtualHost *:80>
ServerName ipgw.io
ServerAlias www.ipgw.io
ServerAdmin webmaster@ipgw.io
DocumentRoot /var/www/ipgw
<Directory /var/www/ipgw>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/ipgw.io-error.log
CustomLog ${APACHE_LOG_DIR}/ipgw.io-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin rogerp@local
ServerName www.ipgw.io
ServerAlias ipgw.io
DocumentRoot /var/www/ipgw
SSLEngine on
# These paths must match the -out and -keyout files created in Step 2
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
</VirtualHost>
Step 4 – Test config, Enable SSL and Restart Apache
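sudo a2enmod ssl
sudo a2enmod headers # needed for the Header directives in ssl-params.conf
sudo a2enconf ssl-params # load the snippet file created in Step 3
sudo apachectl configtest
sudo systemctl restart apache2 # Debian based systems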
Step 5 – Test Website with HTTPS
Finally, open your site in your favorite web browser using https.
https://www.example.com
As we are using a self-signed certificate, you will get a warning message in your browser. You can simply ignore this message.