Setup Self-Signed SSL Certificate for Apache running on Ubuntu

Activate SSL Module

sudo a2enmod ssl
sudo service apache2 restart

Create a Self-Signed SSL Certificate

sudo mkdir /etc/apache2/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/xxx.key -out /etc/apache2/ssl/xxx.crt

When prompted for Common Name (e.g. server FQDN or YOUR name) []:

CSR: (certificate signing request)
-x509: Self-signed certificate file instead of generating a certificate request
-nodes: This option tells OpenSSL to secure key file WITHOUT a passphrase
(Better without password so Apache service can auto start)
-days 365: Cert will be valid for one year
-newkey rsa:2048: New private key
-keyout: Output file for the private key
-out: output file for certificate

Configure Apache to Use SSL for your virtualhost

sudo nano /etc/apache2/sites-available/
DocumentRoot /var/www/vhost/path
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/xxx.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx.key


Activate the SSL Virtual Host

sudo a2ensite
sudo service apache2 restart

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top