Creating self-signed SSL certificates for Apache
Here are some instructions for creating a self-signed certificate for SSL on Apache that actually work – preserved here so I can always find them:
From http://ubuntuforums.org/showthread.php?t=1112664
HOWTO: Apache2 Self-Signed Certificates (No Password Prompting)
If you are a web developer trying to test https:// connections to your local web server running Ubuntu, or just have some special web app that needs SSL locally and don’t have customers who expect you to have a real Thawte or Verisign certificate, then this document for at least Ubuntu 8.04 might help:
https://help.ubuntu.com/8.04/serverguide/C/httpd.html
However, if you follow its advice, you will end up with SSL and self-signed certificates that, every time the Apache2 service restarts, will prompt you for a password (the passphrase on the private key). This might be annoying, but is actually a good security measure according to the doc above.
Now, if you are a developer who doesn’t want this annoyance and doesn’t have a real reason to worry about the security problem of not prompting for a password, you can create the self-signed certificate a different way. The private key then sits on disk with no passphrase, so file permissions are the only thing protecting it.
Self-Signed Certs on Ubuntu 8.04 (No Apache Service Start Password Version)
{Note this may work in future releases of Ubuntu past 8.04, but I have only tested on Ubuntu 8.04 workstation and Ubuntu 8.04 server.}
1. Tell Apache2 to enable the SSL module.
# sudo a2enmod ssl
2. Generate our certificate…
# cd /tmp
# sudo openssl req -new > new.cert.csr
…when prompted for info, fill it out. Here’s what I typed…
US
Florida
Orlando
SpacemanWorld
(enter)
Jack Spaceman
jackh@spacemanxworld.net
(enter)
(enter)
…and now we continue…
# sudo openssl rsa -in privkey.pem -out new.cert.key
# sudo openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1825
# sudo cp new.cert.cert /etc/ssl/certs/server.crt
# sudo cp new.cert.key /etc/ssl/private/server.key
3. Now we need to tell Apache2 to use this.
# sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
# sudo vi /etc/apache2/sites-available/default
Change:
Code:
NameVirtualHost *
To:
Code:
NameVirtualHost *:80
Change:
Code:
<VirtualHost *>
To:
Code:
<VirtualHost *:80>
# sudo vi /etc/apache2/sites-available/ssl
Change:
Code:
NameVirtualHost *
To:
Code:
NameVirtualHost *:443
Change:
Code:
<VirtualHost *>
To:
Code:
<VirtualHost *:443>
After the “DocumentRoot” line, add the following:
Code:
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
# cd /etc/apache2/sites-enabled
# sudo a2ensite ssl
4. Now we need to adjust /etc/hosts if necessary, using the vi command:
Note this might already be done for you; just double-check.
# sudo vi /etc/hosts
Code:
127.0.0.1 localhost localhost.localdomain {your system name}
127.0.1.1 {your system name}
{static IP if you have one} {fully qualified DNS host name if you have one}
5. Now we restart our Apache2 service.
# sudo /etc/init.d/apache2 restart
6. Test your server. You should be able to reach your pages on both http and https. Remember, the goal here was only to get your pages to work on https for things like web development testing, such as testing some eCommerce pages. However, you don’t want people reaching a secured page on http when they should be on https, so remember that you’ll want to trap for that in your .htaccess file in your website folder and redirect users back to the page under https.
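An added example, not part of the original HOWTO: a shell check for the files step 2 produces, confirming that the key Apache will load has no passphrase, matches the certificate, and is not readable by group or other. The function names, the constructed subject and passphrase, and the throwaway directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for the key/cert pair from step 2.
# make_test_pair and check_pair are hypothetical names, not from the HOWTO.

# Re-create step 2 non-interactively in directory $1. Subject and passphrase
# are constructed values so nothing prompts.
# Leaves privkey.pem (encrypted), new.cert.key (stripped), new.cert.cert.
make_test_pair() (
    umask 077                      # never create key files world-readable
    cd "$1" || exit 1
    openssl req -new -newkey rsa:2048 -passout pass:constructed \
        -subj "/C=US/ST=Florida/L=Orlando/CN=localhost" \
        -keyout privkey.pem -out new.cert.csr 2>/dev/null &&
    openssl rsa -in privkey.pem -passin pass:constructed \
        -out new.cert.key 2>/dev/null &&
    openssl x509 -req -in new.cert.csr -signkey new.cert.key \
        -out new.cert.cert -days 1825 2>/dev/null
)

# check_pair CERT KEY
# returns 0 = ok
#         1 = key is still passphrase-protected (Apache would prompt)
#         2 = certificate and key do not belong together
#         3 = key file is accessible to group or other
#         4 = certificate has expired
check_pair() {
    cert=$1 key=$2
    grep -q ENCRYPTED "$key" && return 1
    cert_mod=$(openssl x509 -noout -modulus -in "$cert") || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || return 2
    [ "$cert_mod" = "$key_mod" ] || return 2
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 3
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null || return 4
    return 0
}

# Demo on a constructed pair in a throwaway directory.
demo_dir=$(mktemp -d) && make_test_pair "$demo_dir" &&
    check_pair "$demo_dir/new.cert.cert" "$demo_dir/new.cert.key" &&
    echo "new.cert.key: no passphrase, matches certificate, mode ok"
rm -rf "$demo_dir"
```

On the real server, run the check as root against /etc/ssl/certs/server.crt and /etc/ssl/private/server.key after the two cp commands, since cp does not preserve the restrictive mode unless the destination already has it.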
SOURCES (HAD TO COMBINE AND GLEAN):
https://help.ubuntu.com/8.04/serverguide/C/httpd.html