Security is always a big concern and there’s no reason your website should go unsecured. You can secure your Apache website with a self-signed SSL certificate. This post describes the process using Apache 2.2 and OpenSSL on an Ubuntu Linux server.

Begin by generating a private key. Use at least 2048 bits; 1024-bit RSA keys are no longer considered strong enough:

$ openssl genrsa -out mycert.key 2048

Next, generate a certificate signing request and enter the information (for Common Name, use the hostname clients will connect to):

$ openssl req -new -key mycert.key -out mycert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next, generate the self-signed certificate. You can specify the number of days the cert is valid for.

$ openssl x509 -req -days 365 -in mycert.csr -signkey mycert.key -out mycert.cert
Signature ok
subject=/C=/ST=/L=/O=/CN=
Getting Private key

You no longer need the .csr request file. Create a folder and move the .key and .cert files into it:

$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.cert /etc/apache2/ssl
$ sudo mv *.key /etc/apache2/ssl
$ sudo chmod 400 /etc/apache2/ssl/*.key
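
Before pointing Apache at the files, it is worth confirming that the certificate and key belong together, that the key is large enough, and that the key file is not readable by other users. The script below is an added example, not part of the original post; the function names and the 2048-bit minimum are assumptions of the example, and it assumes the key has no passphrase.

```shell
#!/bin/bash
# Added example (not from the original post): build the key/cert pair
# non-interactively, then check it before pointing Apache at it.
# Function names and the 2048-bit minimum are assumptions of this example.

# make_pair DIR HOSTNAME BITS: the post's three openssl steps, unencrypted key
make_pair() {
    openssl genrsa -out "$1/mycert.key" "$3" 2>/dev/null &&
    openssl req -new -key "$1/mycert.key" -subj "/CN=$2" -out "$1/mycert.csr" &&
    openssl x509 -req -days 365 -in "$1/mycert.csr" \
        -signkey "$1/mycert.key" -out "$1/mycert.cert" 2>/dev/null &&
    chmod 400 "$1/mycert.key"
}

# key_bits KEY: modulus length in bits (hex digits * 4)
key_bits() {
    local hex
    hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    hex=${hex#Modulus=}
    echo $(( ${#hex} * 4 ))
}

# pair_matches CERT KEY: true when both carry the same RSA modulus
pair_matches() {
    local c k
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# check_pair CERT KEY: print each problem found; non-zero status if any
check_pair() {
    local rc=0 bits mode
    pair_matches "$1" "$2" || { echo "cert and key do not match"; rc=1; }
    bits=$(key_bits "$2") || bits=0
    [ "$bits" -ge 2048 ] || { echo "key is $bits bits, want >= 2048"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; rc=1; }
    mode=$(stat -c %a "$2")
    case "$mode" in 400|600) ;; *) echo "key mode is $mode, want 400"; rc=1 ;; esac
    return $rc
}

if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it as root with the certificate path and the key path as its two arguments, since the key is only readable by its owner.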

If the private key is protected with a passphrase, by default Apache will prompt for it when it starts. This can be a problem since you will need to enter the passphrase each time Apache is restarted. We can fix this by having Apache call a program that returns the passphrase.

Create the shell script /etc/apache2/ssl/password.sh and enter the following:

#!/bin/bash
# Prints the key passphrase on stdout for Apache to read
echo "password"

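The script must be executable, and because it holds the passphrase in clear text it should be readable only by root. Next we need to tell Apache to run the script. Apache’s SSL settings are stored in: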

/etc/apache2/mods-enabled/ssl.conf

Edit the file and change the SSLPassPhraseDialog to:

SSLPassPhraseDialog exec:/etc/apache2/ssl/password.sh

The last step is to assign the certificate to your Apache site by editing the sites file:

/etc/apache2/sites-enabled/000-default

You’ll need to configure the SSL settings for the site:

<VirtualHost 192.168.1.100:443>
        ...
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/mycert.cert
        SSLCertificateKeyFile /etc/apache2/ssl/mycert.key
        ...
</VirtualHost>

Don’t forget to tell Apache to listen on port 443 in the /etc/apache2/ports.conf file. Restart Apache with sudo apache2ctl restart and you should be a little closer to being secure.


6 Comments

  1. […] Creating Self-Signed Certs on Apache 2.2 | CB1, INC. […]

    Pingback by Help for Geeks – My Development Bookmarks | David DeMartini online — April 7, 2010 @ 10:30 am

  2. […] you should want to protect your data as good as possible, you should use SSL (HTTPS) only. Check http://www.cb1inc.com/2007/05/13/creating-self-signed-certs-on-apache-2-2/ for a good […]

    Pingback by Apache2. WebDav and Windows 7 | Peter Elzinga.eu — January 30, 2013 @ 3:56 pm

  3. […] get you up and running with a neato dev environment. If you need to run SSL, I wrote a post on Creating Self-Signed Certs on Apache 2.2 and Virtual Hosts and Wildcard SSL Certificates with Apache […]

    Pingback by CB1 Ubuntu 10.10 Linux Development Setup | CB1, INC. — July 23, 2013 @ 1:16 pm

  4. Why can’t we remove the password from the key?
    # openssl rsa -in mycert.key -out mykeyWO.key

    Comment by Niemi — September 10, 2013 @ 4:09 am

  5. Thank you for this step-by-step! I used half of these instructions to create a self-signed certificate and private key on my Apache 2.2 webserver running on Linux, for import via my QNAP NAS front-end/GUI console. People with limited knowledge are successful only because of the goodwill of folks like you. Much appreciated.

    Comment by Julie L — April 20, 2014 @ 11:12 pm

  6. You are actually a good webmaster. The web site loading pace
    is amazing. It seems that you are doing any distinctive trick.
    Furthermore, the contents are masterwork. You’ve performed a magnificent task in this matter!

    Comment by Live Meetings — August 28, 2014 @ 11:11 am
