# Self-signed certificate for apache ###### tags: `linux` `certificate` `apache` ### create a self-signed certificate ``` root@ubuntu:/# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-self-signed.key -out /etc/ssl/certs/apache-self-signed.crt Generating a 2048 bit RSA private key ..........+++ ..........................................+++ writing new private key to '/etc/ssl/private/apache-self-signed.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]:NSW Locality Name (eg, city) []:Sydney Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company Organizational Unit Name (eg, section) []:Engineer Common Name (e.g. server FQDN or YOUR name) []:my-web-server Email Address []: ``` ### configure apache to use the certificate ``` Edit "/etc/apache2/sites-available/default-ssl.conf". Modify "SSLCertificateFile" and "SSLCertificateKeyFile" which point to the path of the certificate and key files. SSLCertificateFile /etc/ssl/certs/apache-self-signed.pem SSLCertificateKeyFile /etc/ssl/private/apache-self-signed.key Edit "/etc/apache2/sites-available/000-default.conf", add "Redirect" for redirect http to https. Redirect "/" "https://my-web-server" Edit "/etc/apache2/apache2.conf", add "ServerName" in the end of file. ServerName my-web-server ``` ### enable the configuration on the apache and restt the apache ``` a2enmod ssl a2ensite default-ssl apache2ctl configtest systemctl restart apache2 ``` ### test   Ref: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-18-04