SSL is useful for secure communication between users and web servers. The certificate encrypts the data as it travels over public wires so that it is not vulnerable to hackers. Self-signed certificates are free to use, but are not used in production environments, such as when using confidential data such as credit card or Paypal information. This article will introduce you to creating and installing a self-signed certificate in the Apache server on a Linux system.
Step 1: Install mod_ssl package
To set up an SSL certificate, make sure mod_ssl is installed on your system. If it is not installed yet, you need to use the following command to install it. Additionally, install the openssl package to create the certificate.
$ sudo apt-get install openssl # Debian based systems $ sudo yum install mod_ssl openssl # Redhat / CentOS systems $ sudo dnf install mod_ssl openssl # Fedora 22+ systems
Step 2: Create a self-signed certificate
After installing mod_ssl and openssl, use the following command to create a self-signed certificate for your domain.
$ sudo mkdir -p /etc/pki/tls/certs $ sudo cd /etc/pki/tls/certs
Now create the SSL certificate
$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout example.com.key -out example.com.crt
Output
Generating a 2048 bit RSA private key ....................................+++ ...................................+++ writing new private key to 'example.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]: IN State or Province Name (full name) []: Delhi Locality Name (eg, city) [Default City]: Delhi Organization Name (eg, company) [Default Company Ltd]: TecAdmin Organizational Unit Name (eg, section) []: blog Common Name (eg, your name or your server's hostname) []: www.example.com Email Address []: admin@example.com
The above command will create an ssl key file example.com.key and a certificate file example in the current directory .com.crt.
Step 3: Install the self-signed certificate in Apache
Now you have the self-signed SSL certificate and key file. Next edit the Apache SSL configuration file and follow the instructions below to edit/update it.
Apache virtual host configuration:
<VirtualHost _default_:443> ServerAdmin admin@example.com ServerName www.example.com ServerAlias example.com DocumentRoot /var/www/html SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.com.crt SSLCertificateKeyFile /etc/pki/tls/certs/example.com.key </VirtualHost>
Step 4: Restart Apache
If the above command does not show any errors, please restart the Apache service.
$ sudo systemctl restart apache2 # Debian based systems $ sudo systemctl restart httpd # Redhat based systems
Step 5: Test the website using https
Finally, open your site in your web browser using https. It requires port 443 to be opened to access the site using HTTPS.
https://www.example.com
When we use a self-signed certificate, you will receive a warning message in your browser, just ignore this message.
The above is the detailed content of How to create and install a self-signed certificate in Apache. For more information, please follow other related articles on the PHP Chinese website!