This article is part of the Apache Server Guide series:
- Securing Apache on Ubuntu – Part 1
- Securing Apache on Ubuntu – Part 2
- Optimizing Apache Performance – Part 1
- Optimizing Apache Performance – Part 2
- Setting Up Name-Based Virtualhost Apache
- Setting Up IP and Port-Based Virtualhost in Apache
- How to Set Up the Password Protect Web Directory in Apache
- Setting up Apache Server with SSL Support on Ubuntu
- Setting Up Fail2ban to Protect Apache from a DDOS Attack
- How to Set Up Webdav with Apache on Ubuntu
- Monitor Apache Web Server Using Mod_status
- How to Protect Against DDoS with Mod_evasive on Apache Server
SSL is also known as Secure Socket Layer protocol. It was created by Netscape to secure transactions between web servers and browsers. SSL protocol uses a Certificate Authority (CA) to identify one end or both ends of the transactions. All communications sent over regular HTTP connections are in plain text, and any hacker can access the connection between your browser and the website and read sensitive information like credit card details or your social security number. SSL is used is to keep sensitive information sent across the Internet encrypted, so the information becomes unreadable to everyone.
Self-signed Certificate vs. Commercial Certificate
Self-signed Certificate is signed by its owner. It is generally used for testing local servers and development environment. Although self-signed certificates provide the same level of security between website and browser, most web browsers will always display a security alert message that the website certificate is self-signed and cannot be trusted, as it is not signed by the Certificate authority.
Commercial Certificate is an authorized certificate issued by a trusted certificate authority. Signed certificate is mostly used in a production environment.
In this article I am going to explain how to create a self-signed SSL certificate for Apache which will allow you to encrypt traffic to your Apache web server.
Configure Apache to Support SSL
By default, Openssl is installed in Ubuntu 14.04. This module provides SSL support to Apache. It is disabled by default, so you need to enable the SSL module first.
You can enable the SSL module by running:
After you have enabled SSL, you’ll have to restart the Apache service for the change to be recognized.
Generate a Self-signed Certificate
The first step is certificate creation. For testing purposes, or for small LANs, you need to generate a private key (ca.key) with 2048 bit encryption.
To do this, run:
Then generate a certificate signing request (ca.csr) using the following command:
Lastly, generate a self-signed certificate (ca.crt) of X509 type valid for 365 keys.
Create a directory to place the certificate files we have created.
Next, copy all certificate files to the “/etc/apache2/ssl” directory.
Configure Apache to Use the SSL Certificate:
Now all the certificates are ready. The next thing to do is to set up the Apache to display the new certificate.
For this, you need to enable SSL support on the Apache default virtual host file located in the
You can do this by editing the Apache default virtual host config file.
Comment out all the lines by adding a “#” in front of each line and add the following lines:
Save and close the file, then restart Apache.
This should enable your new virtual host which will serve encrypted content using the SSL certificate you created.
Testing Apache (HTTPS) Server:
To verify the Apache (HTTPS) web server, open your web browser and type your server IP Address (with “https://,” for example: “https://192.168.1.227”).
An error should appear on your browser, and you must manually accept the certificate. The error message shows up because we are using a self-signed certificate instead of certificate signed by a certificate authority that the browser trusts, and the browser is unable to verify the identity of the server that you are trying to connect to. Once you add an exception to the browser’s identity verification, you should see a Ubuntu test page for your newly secure site.
Now, you have SSL enabled on your Apache server. This will help to secure communication between your Apache server and clients. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.