In this tutorial we will cover the steps needed to set up self-signed SSL certificate for the Apache web server on your CentOS 6.4, Debian or Ubuntu platform.

Requirements

  • CentOS 6.4, Debian or Ubuntu installed on your computer/server
  • SSH access (Command line access to the server)
  • root privileges
  • Basic skills for working on a Linux environment
  • Apache installed on the computer/server

The SSL certificate allows us to access the web server through an encrypted secured connection. Approved SSL vendors can issue validated SSL certificates. We can also generate a self-signed SSL certificate on our server. In that case the connection will be again encrypted however everytime we try to access the corresponding website protected by the SSL certificate we will receive an SSL warning that the certificate was not issued by trusted SSL vendor.

Create a server key and Certificate Signing Request

In order to organize the certificate related files we will create new folder called ssl/ inside /etc/httpd/:

Once inside the folder we can generate the key file:

You will be prompted to set a passphrase for the key:

Make sure that you don't forget/lose the passphrase otherwise you might experience problems in the future.

We will continue with the creation of the Certificate Signing Request (CSR):

You will be prompted to enter the passphrase related to the ssl.key:

After that few other fields should be filled as well:

Sign the SSL certificate

Now we can generate the certificate file:

The -days option allows us to generate the SSL certificate for specific period – in our case 1 year (365 days).

Configure the SSL certificate to work with Apache

First make sure that the Apache mod_ssl is included inside the server configuration:

CentOS:

If the module is not installed on the server you can install it using the default package manager:

After that we can go ahead and edit the Apache SSL configuration file:

Make sure that the file to the SSL certificate and key files is set correctly:

When done we can restart the Apache server:

Debian/Ubuntu:

Make sure that mod_ssl is loaded on the server:

After that we need to make sure that the Apache service will listen for HTTPS connections on port 443. Check if the following lines persists inside:

Create virtual host file for yourdomain.com:

and enable the virtual host:

When done we can restart the Apache service:

Test the functionality of the SSL certificate

Prior the test make sure that the default HTTPS port 443 is opened on the server:

In case that yourdomain.com is pointed to the server's IP address you should be able to access the content of the default web root folder through:

An SSL warning message should be displayed informing us about the fact that the SSL certificate is self-signed (not issued by trusted SSL vendor).

An easy way to find your server's IP address is to execute the following command: