This article explains how to generate a self signed certificate for Apache web server.
What is SSL and SSL certificates
SSL is an essential part of creating a secure site. SSL certificates allow you to encrypt all the traffic sent to and from your web site to prevent others from viewing it.
It uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key (the SSL certificate) can only be decrypted with the private key (stored only on the server) and vice versa.
A self signed certificate is a certificate that is signed by the person creating it rather than a trusted certificate authority.
Free self signed certificates can enable the same level of encryption as a certificate signed by a trusted authority.
When to Use and Not Use a Self Signed Certificate
Visitors will see a warning in their browsers when connecting to an Apache site that uses a self signed certificate until it is permanently stored in their certificate store.
When an SSL certificate is signed by a trusted third party, it verifies the identity of the server, so clients know they aren't sending their information (encrypted or not) to the wrong party. A self signed certificate is signed by itself rather than by a trusted third party.
You will almost never want to use a self signed certificate on a public server that requires anonymous visitors to connect to your site because they could easily become a victim of a man-in-the-middle attack.
But there are several scenarios when to use a self signed certificate:
* use on a development server where you develop and test your applications.
* use on an intranet, where clients reach the server only over the local network.
! IMPORTANT ! Never use a self signed certificate on an e-commerce site or any site that transfers valuable personal information (credit cards, SSN, etc.). Use trusted SSL certificates instead.
Generate Apache Self Signed Certificate
1. Make sure OpenSSL is installed.
Try running “openssl” on the command line to see if OpenSSL is already installed. If it is not, you will need to download a package or compile it from sources.
Once you have OpenSSL installed, run this command to create an Apache self signed certificate:
[codesyntax lang="bash"]
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
[/codesyntax]
You will be prompted to enter your organizational information and a common name.
The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com).
You can leave other fields blank.
After the command finishes running, it will have created two files: mysitename.key (the private key) and mysitename.crt (the certificate).
Copy these files to some directory, for example, to /etc/ssl/crt/.
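The same generation step, as an added example that is not part of the original article: it runs openssl non-interactively, adds a subjectAltName (modern browsers ignore the Common Name and require a SAN), keeps the private key readable only by its owner, and checks that the key and certificate actually belong together before Apache is pointed at them. The host name and file names are constructed placeholders.

```bash
#!/bin/sh
# Added example (not from the original article). Requires the openssl CLI.

# gen_self_signed HOST KEYFILE CRTFILE [DAYS]
# Same as the article's interactive command, but with -subj/-addext so no
# prompts appear and the host name lands in both the CN and the DNS SAN.
gen_self_signed() {
    host="$1"; key="$2"; crt="$3"; days="${4:-365}"
    # umask 077 inside a subshell: the key file is created mode 0600 from the start
    (umask 077 && openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$key" -out "$crt" 2>/dev/null)
}

# cert_cn CRTFILE -> prints the certificate's Common Name
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
        | sed 's/^subject=//; s/^CN=//'
}

# cert_has_san CRTFILE HOST -> succeeds if HOST is listed as a DNS SAN
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}

# key_matches_cert KEYFILE CRTFILE -> succeeds only if the public key inside
# the certificate is the one derived from the private key (catches a key and
# certificate from different runs being copied to /etc/ssl/crt/ together)
key_matches_cert() {
    pub_k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    pub_c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$pub_k" = "$pub_c" ]
}

# key_is_private KEYFILE -> succeeds if group/other have no permission bits
key_is_private() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Usage (constructed host name; then copy both files to /etc/ssl/crt/):
#   gen_self_signed www.mydomain.com mysitename.key mysitename.crt
#   key_matches_cert mysitename.key mysitename.crt && key_is_private mysitename.key
```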
Configure Apache to use a Self Signed Certificate
Make sure mod_ssl is enabled:
[codesyntax lang="bash"]
sudo a2enmod ssl
[/codesyntax]
Now we need to configure the Apache virtual hosts to use the SSL certificate generated in the previous step.
Edit the Apache configuration file (on Ubuntu server: /etc/httpd/httpd.conf).
Make a copy of the existing non-secure virtual host, paste it below, and change the port from port 80 to 443:
[codesyntax lang="bash"]
<VirtualHost *:443>
    DocumentRoot /var/www/mysite
    ServerName www.mydomain.com
    SSLEngine on
    # the self signed certificate and its private key from the previous step
    SSLCertificateFile /etc/ssl/crt/mysitename.crt
    SSLCertificateKeyFile /etc/ssl/crt/mysitename.key
    # a self signed certificate has no intermediate chain, so this directive is
    # optional here (and deprecated since Apache 2.4.8, where SSLCertificateFile
    # may hold the whole chain)
    SSLCertificateChainFile /etc/ssl/crt/mysitename.crt
</VirtualHost>
[/codesyntax]
Change the names of the files and paths to match your certificate files.
Restart Apache:
[codesyntax lang="bash"]
sudo service apache2 restart
[/codesyntax]
Open your web site in a browser by typing https://mydomain.com.
You may see a warning like “The site’s security certificate is not trusted!”. Just continue to use this certificate.