How to create and install self signed certificate

→ Are you a new visitor? Please visit the page guidance for new visitors ←

What is a self signed certificate?

Usually when people do hear that a server has a self signed certificate they go like “What?! Your server is unprotected!” and things like that, well that is wrong! Not 100% wrong, but most of the time it is, and now you’re probably thinking: why? Well its true that some abuse cases made use of self signed certificate to impersonate some other companies or the like, however browsers nowadays always notify you that a certificate is indeed not trustworthy due to being a self signed certificate and it gives you the option to manually confirm and add it to an exception if you wish. In that part when you confirm the self signed certificate you can view the actual certificate and decide if this is really trying to impersonate someone. In this tutorial I’ll show you how you can create and install self signed certificate on your web server Apache on linux.

Creating the self signed certificate

The first real step is to create your own certificate, on this tutorial we’re going to show you how you can do this on a Ubuntu linux (that’s my current OS installation so its easier for me), but you can use any linux distribution that has openssl installed. The commands you need to use are bellow:

This will create a self signed certificate and private key valid for 365 days. It will also use RSA with a 2048 bits for encoding. For those who do not have openssl installed, they can install it using:

Two new files will be created in the folder you are located:

  • server.key
  • server.crt

These two files are the ones you need to use to setup your SSL configuration settings.

Install the self signed certificate on Apache web server

Installing the certificate is not that hard, I’m going to be showing you how you can do this on a linux box using Ubuntu and CentOS. In both cases the directives that need to be used are:

  • ┬áSSLEngine — Enable the SSL engine on this virtualhost
  • SSLCertificateFile — This is the path to the certificate file
  • SSLCertificateKeyFile — This is the path to the private key file

That’s mostly the case of things on all VirtualHost configurations. Of course you need to have first the SSL module enabled on your Apache installation. Normally on CentOS / Redhat you’re on the safe side, its already there, but on Ubuntu / Debian installations you may need to enable it as its not enabled by default:

And then restart your web server.

The complete Virtualhost configuration would be something similar to:

That’s about it for now, if you have questions or something is not working, feel free to comment bellow and I’ll try to help out.

See you again on our next tutorial.

Request an article ←