Atlantic.Net Blog

How to Create and Install a Self-Signed SSL Certificate on Ubuntu 20.04

Hitesh Jethva
by Atlantic.Net (198posts) under Dedicated Server Hosting
0 Comments

When you are shopping or banking online, you want to make sure the websites you are on are using HTTPS, which you can verify by noting a green padlock icon is in the address bar. HTTPS is the secure version of HTTP, a protocol used between a browser and a web server. Technically, HTTPS refers to HTTP over Secure Socket Layer (SSL). HTTPS means all communications between your browser and the web server are encrypted.

Behind HTTPS, an SSL certificate plays an important role in building trust between a browser and a web server.

In short, an SSL certificate is a web server’s digital certificate issued by a third party which verifies the identity of the web server and its public key.

A self-signed certificate is a certificate that is not signed by a certificate authority (CA). It is used internally within labs or business environments. However, this certificate has the same level of encryption as trusted certificates.

In this tutorial, we will show you how to generate a self-signed certificate and configure Apache to use this certificate.

Prerequisites

  • A fresh Ubuntu 20.04 VPS on the Atlantic.Net Cloud Platform
  • A root password configured on your server

Step 1 – Create an Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server.  Create a new server, choosing Ubuntu 20.04 as the operating system with at least 1GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your Ubuntu 20.04 server, run the following command to update your base system with the latest available packages.

apt-get update -y

Step 2 – Install Apache Web Server

Before starting, an Apache webserver must be installed on your server. If not installed, you can install it with the following command:

apt-get install apache2 openssl -y

Once Apache is installed, you can proceed to the next step.

Step 3 – Generate Self-Signed Certificate

SSL uses public and private keys. The private key resides on the server and is used to encrypt the content, while the public key is used to decrypt the content and is shared among the clients.

First, you will need to generate a private key and a certificate signing request (CSR) for your domain. You can generate it with the following command:

openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/private/private.key -out 
/etc/ssl/private/request.csr

You will be asked to provide your certificate information including Common Name, Organization, City, State, and Country as shown below:

Generating a RSA private key
..........................................................................+++++
............................................................................................+++++
writing new private key to '/etc/ssl/private/private.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Newyork
Locality Name (eg, city) []:Newyork
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Atlantic
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:Atlantic
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Once your request.csr is generated, you can generate the SSL certificate with the following command:

openssl x509 -in /etc/ssl/private/request.csr -out /etc/ssl/private/certificate.crt -req -signkey 
/etc/ssl/private/private.key -days 365

You should get the following output:

Signature ok
subject=C = US, ST = Newyork, L = Newyork, O = Atlantic, OU = IT, CN = Atlantic, 
emailAddress = [email protected]
Getting Private key

At this point, the certificate (certificate.crt) and key (private.key) file are ready to be used with the Apache webserver.

Step 4 – Configure Apache to Use SSL

Now, you will need to configure Apache to use the certificate which you have generated in the previous step.

First, open the Apache default SSL configuration file:

nano /etc/apache2/sites-available/default-ssl.conf

Define your domain name and SSL certificate as shown below:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [email protected]
ServerName your-server-ip
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on
SSLCertificateFile /etc/ssl/private/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

Save and close the file, then enable the virtual host file with the following command:

a2ensite default-ssl.conf

Next, open the Apache default virtual host configuration file as shown below:

nano /etc/apache2/sites-available/000-default.conf

Define your domain name and add a Redirect directive, pointing all traffic to the SSL version of the site:

<VirtualHost *:80>

ServerAdmin [email protected]
ServerName your-server-ip
DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

Redirect "/" "https://your-server-ip/
</VirtualHost>

Next, enable the SSL and header module with the following command:

a2enmod ssl
a2enmod headers

Finally, reload the Apache service to implement the changes:

systemctl reload apache2

At this point, your Apache web server is configured to use an SSL certificate.

Step 5 – Verify Your SSL Server

Now, open your web browser and type the URL https://your-server-ip. You will be redirected to the warning page:

This is because your certificate is not signed by trusted certificate authorities. This is expected and normal. Just ignore it and click on the proceed to your host. You will be redirected to the Apache default page:

In the browser address bar, you will see a lock with a “not secure” notice. That means the certificate is not validated but is still encrypting your connection.

Conclusion

In this guide, you learned how to generate a self-signed certificate and configure your Apache webserver to use this certificate for client connections. You can now easily deploy the SSL in your internal network and encrypt the connections. Try out a self-signed certificate on dedicated server hosting from Atlantic.Net!

Get A Free To Use Cloud VPS

Free Tier Includes:
G3.2GB Cloud VPS Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


Looking for a Hosting Solution?

We Provide Cloud, Dedicated, & Colocation.

  • Seven Global Data Center Locations.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now! Med Tech Award FTC
SOC Audit HIPAA Audit HITECH Audit

Recent Posts

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G3.2GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Resources