Creating a self-signed certificate for an Apache server is fairly straightforward. The following steps show how to do it on an Ubuntu/Debian-based system running Apache:

If it doesn’t already exist, make the directory for the key, CSR and certificate to go in:

mkdir /etc/apache2/ssl

Go to that directory:

cd /etc/apache2/ssl

Generate the private key (enter a passphrase when prompted; we’ll remove it later). Use at least a 2048-bit RSA key, as 1024-bit keys are no longer considered secure:

openssl genrsa -des3 -out server.key 2048

Generate a CSR (Certificate Signing Request):

openssl req -new -key server.key -out server.csr

When prompted to enter the Common Name, use the site’s domain name (e.g. www.domain.com).

Remove the passphrase from the key (otherwise you’ll have to enter it every time you restart Apache). The resulting key is stored unencrypted, so keep it readable only by root:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Generate your self-signed certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Include the following configuration in your site’s virtual host entry:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Restart Apache:

/etc/init.d/apache2 restart

As this is a self-signed certificate, your web browser will nag you that it can’t verify the site’s authenticity. In most browsers you can get around this by installing the certificate into the web browser.
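
Before restarting Apache it is worth confirming that server.key is passphrase-free, matches server.crt and is not readable by other users. The script below is an added example, not part of the original page; check_pair, make_pair and the temporary passphrase are hypothetical, and the demo builds its own pair in a scratch directory rather than touching /etc/apache2/ssl.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the tutorial;
# the function names and the temporary passphrase are assumptions.

# check_pair KEY CRT: return 0 if the pair is fit to hand to Apache, else 1.
check_pair() {
    key=$1; crt=$2
    # 1. Key must load with no passphrase. An empty one is supplied so that an
    #    encrypted key fails here instead of prompting.
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null </dev/null) || {
        echo "FAIL: key is encrypted or unreadable"; return 1; }
    # 2. Certificate must carry the public half of this private key.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: certificate is unreadable"; return 1; }
    [ "$kpub" = "$cpub" ] || { echo "FAIL: certificate does not match key"; return 1; }
    # 3. The unencrypted key must not be accessible to group or others.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || {
        echo "FAIL: key is accessible to group/other"; return 1; }
    # 4. Certificate must still be inside its validity period.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || {
        echo "FAIL: certificate has expired"; return 1; }
    echo "OK: $(openssl x509 -in "$crt" -noout -subject -enddate | tr '\n' ' ')"
}

# make_pair DIR CN: the tutorial's steps, run non-interactively inside DIR.
make_pair() {
    ( cd "$1" &&
      openssl genrsa -des3 -passout pass:temp-pass -out server.key 2048 &&
      openssl req -new -key server.key -passin pass:temp-pass \
              -subj "/CN=$2" -out server.csr &&
      cp server.key server.key.org &&
      openssl rsa -in server.key.org -passin pass:temp-pass -out server.key &&
      chmod 600 server.key &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    ) >/dev/null 2>&1
}

# Demo on a constructed pair in a scratch directory.
tmp=$(mktemp -d) && make_pair "$tmp" www.domain.com &&
    check_pair "$tmp/server.key" "$tmp/server.crt"
rm -rf "$tmp"
```

On a real host, run check_pair against /etc/apache2/ssl/server.key and /etc/apache2/ssl/server.crt as root before the restart step.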