In this blog we will generate self signed SSL certificate for one demo website in Ubuntu server.
Just now i have deployed a new server in Vultr cloud server. My server details are:
Location: New Jersey OS: Ubuntu 20.04 x64 IP Address: 184.108.40.206 Username: root Password: •••••••
If you are new to Vultr cloud server, you can see following link and deploy a new server.
sudo apt-get update sudo apt-get install apache2
You can find detail blog on how to install apache2 webserver in ubuntu virtual server.
sudo ufw allow "Apache Full"
mod_ssl is already installed by default in Ubuntu. We just need to enable with the following command.
sudo a2enmod ssl
Need to restart apache2 service.
systemctl restart apache2.service
You should get the Apache default page like showing below:
OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Before installtion let us check OpenSSL is installed on a Ubuntu server or not.
It is already installed in Ubuntu server, so no need to install.
I want to generate SSL for sample site xvdemo.com. So keeping name apache-xvdemo-selfsigned for .key and .crt file. You can select name according to your choice.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-xvdemo-selfsigned.key -out /etc/ssl/certs/apache-xvdemo-selfsigned.crt
This command generates a new private key (-newkey) using the RSA algorithm with a 2048-bit key length (rsa:2048) without using a passphrase (-nodes) and then creates the key file with a name of apache-xvdemo-selfsigned.key (-keyout apache-xvdemo-selfsigned.key). Also that generates the CSR with a filename of apache-xvdemo-selfsigned.csr (-out apache-xvdemo-selfsigned.csr).
req -x509 parameter specifies that we want to use X.509 certificate signing request (CSR) management. An X.509 certificate is a digital certificate, which defines the format of public key infrastructure (PKI) certificates. They are used to manage identity and security in internet communications and computer networking.
-days 365 option to sets the length of time that the certificate will be considered valid.
It will ask you to enter
Country Name: you have to enter country code, where your company is legally located State: enter state name, where your company is legally located Locatity Name: enter locality name, where your company is legally located Organization Name: you can enter your organization/company name Organization Unit Name: you have to enter your sub-organization name Common Name: You have to enter hostname or domain name which will be use to access the server by or public IP of the server. Email Address: you have to enter your email address.
Now successfully created .key and .crt file. If you want to see you can go to following directory and see.
ls -lt apache-xvdemo-selfsigned.key
ls -lt apache-xvdemo-selfsigned.crt
vi index.html command will open index.html file in vi editor, press i to insert in vi editor. Then paste following line of code.
This is sample demo website
To show how to create self signed certificate for your sample demo website
Save and exit vi editor, press Esc key then :wq and press enter.
I am keeping name xvdemo, you can keep according to your choice.
Make sure server name matches the Common Name which we have written when were creating the certificate. Also write the correct SSLCertificateFile and SSLCertificateKeyFile.
ServerAdmin email@example.com DocumentRoot /var/www/xvdemo.com ServerName www.xvdemo.com <Directory /var/www/xvdemo.com> Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory>
AllowOverride All Require all granted Allow from All </Directory>
Save and exit the vi editor.
cd .. sudo a2ensite xvdemo.conf
cd sites-enabled ll
systemctl reload apache2
Open command prompt as administrator. Then go to following directory and open hosts file.
Add below line in hosts file.
Save and close the file.
You will get screen like below.
You have click on "Advanced" -> Click on "Accept the Risk and Continue".
After that you can see the sample demo website.