In this blog we will generate a self-signed SSL certificate for a demo website on an Ubuntu server.
I have just deployed a new server on Vultr cloud. My server details are:
Location: New Jersey
OS: Ubuntu 20.04 x64
IP Address: 8.9.30.155
Username: root
Password: •••••••
If you are new to Vultr cloud servers, you can follow the links below to deploy a new server.
Deploy a New Virtual Server in Vultr and How to Use SSH to Connect to Remote Server
sudo apt-get update
sudo apt-get install apache2
You can find a detailed blog on how to install the apache2 web server on an Ubuntu virtual server.
sudo ufw allow "Apache Full"
mod_ssl is already installed by default in Ubuntu. We just need to enable it with the following command.
sudo a2enmod ssl
Restart the apache2 service so the module is loaded.
systemctl restart apache2.service
You should get the Apache default page as shown below:
OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Before installation, let us check whether OpenSSL is already installed on the Ubuntu server.
openssl version
It is already installed on the Ubuntu server, so there is no need to install it.
I want to generate an SSL certificate for the sample site xvdemo.com, so I am using the name apache-xvdemo-selfsigned for the .key and .crt files. You can choose any name you like.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-xvdemo-selfsigned.key -out /etc/ssl/certs/apache-xvdemo-selfsigned.crt
This command generates a new private key (-newkey) using the RSA algorithm with a 2048-bit key length (rsa:2048), without a passphrase (-nodes), and writes it to /etc/ssl/private/apache-xvdemo-selfsigned.key (-keyout). It also writes the self-signed certificate to /etc/ssl/certs/apache-xvdemo-selfsigned.crt (-out).
req is the OpenSSL subcommand for X.509 certificate signing request (CSR) management; with the -x509 option it outputs a self-signed certificate instead of a CSR. X.509 is the standard that defines the format of public key infrastructure (PKI) certificates, which are used to manage identity and security in internet communications and computer networking.
The -days 365 option sets the length of time that the certificate will be considered valid.
It will ask you to enter:
Country Name: enter the country code of the country where your company is legally located
State: enter the name of the state where your company is legally located
Locality Name: enter the name of the locality where your company is legally located
Organization Name: enter your organization/company name
Organization Unit Name: enter your sub-organization name
Common Name: enter the hostname or domain name that will be used to access the server, or the public IP of the server
Email Address: enter your email address
The .key and .crt files have now been created. If you want to see them, go to the following directories.
cd /etc/ssl/private
ls -lt apache-xvdemo-selfsigned.key
cd /etc/ssl/certs/
ls -lt apache-xvdemo-selfsigned.crt
cd /var/www/
mkdir xvdemo.com
cd xvdemo.com
touch index.html
vi index.html
The vi index.html command opens the index.html file in the vi editor. Press i to enter insert mode, then paste the following lines.
This is sample demo website
To show how to create self signed certificate for your sample demo website
To save and exit the vi editor, press the Esc key, then type :wq and press Enter.
I am naming the Apache site configuration file xvdemo; you can choose a name of your own.
cd /etc/apache2/sites-available
vi xvdemo.conf
Make sure the ServerName matches the Common Name we entered when creating the certificate. Also set the correct SSLCertificateFile and SSLCertificateKeyFile paths.
# Plain HTTP site
<VirtualHost *:80>
    ServerAdmin webmaster@www.xvdemo.com
    DocumentRoot /var/www/xvdemo.com
    ServerName www.xvdemo.com
    <Directory /var/www/xvdemo.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        # Apache 2.4 access control (replaces "Order allow,deny" / "Allow from all")
        Require all granted
    </Directory>
</VirtualHost>

# HTTPS site using the self-signed certificate and key generated above
<VirtualHost *:443>
    ServerName www.xvdemo.com
    DocumentRoot /var/www/xvdemo.com
    <Directory /var/www/xvdemo.com>
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache-xvdemo-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-xvdemo-selfsigned.key
</VirtualHost>
Save and exit the vi editor.
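Before enabling the site, it is worth confirming that the private key belongs to the certificate, that the certificate's Common Name equals the ServerName, and that the certificate has not expired. The script below is an added example, not part of the original post; the function names are made up here, and make_demo_pair builds a constructed throwaway pair so the check can be tried without touching /etc/ssl.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a certificate/key
# pair before Apache is pointed at it. All function names are hypothetical.

# Public key (PEM) embedded in certificate $1
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from private key $1
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Common Name from the subject of certificate $1
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# check_pair CERT KEY SERVERNAME
# returns 0 = OK, 1 = key/cert mismatch, 2 = CN differs from ServerName,
#         3 = certificate expired, 4 = certificate unreadable
check_pair() {
    pub=$(cert_pubkey "$1")
    [ -n "$pub" ] || { echo "cannot read certificate $1"; return 4; }
    [ "$pub" = "$(key_pubkey "$2")" ] ||
        { echo "private key is unreadable or does not belong to this certificate"; return 1; }
    [ "$(cert_cn "$1")" = "$3" ] ||
        { echo "CN '$(cert_cn "$1")' does not match ServerName '$3'"; return 2; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 3; }
    echo "OK"
}

# Constructed throwaway pair for trying the check: same options as the
# article's command, plus -subj to skip the interactive prompts.
make_demo_pair() {   # $1 = output directory, $2 = Common Name
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null
}

# Script usage: sh check_pair.sh CERT KEY SERVERNAME
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

For the files from this article, run it as root (the key under /etc/ssl/private is not readable by other users) with the .crt path, the .key path and www.xvdemo.com as arguments.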
cd ..
sudo a2ensite xvdemo.conf
cd sites-enabled
ll
systemctl reload apache2
Open Command Prompt as administrator. Then go to the following directory and open the hosts file.
cd drivers/etc
notepad hosts
Add a line in the following form to the hosts file.
YOUR-SERVER-IP YOUR-SERVER-NAME
For my server the line is:
8.9.30.155 www.xvdemo.com
Save and close the file.
You will get a screen like the one below.
Click "Advanced", then click "Accept the Risk and Continue".
After that you can see the sample demo website.
That's it.