SSL also known as Secure Socket layers is a technology used to create an encrypted connection between the client and the server. SSL ensures that the data exchanged between the server and client remains protected and integral.

Secure Socket Layer Certificate

SSL certificate is a data file which merges a cryptographic key with an organizations details, it is installed on a web server to activate the data encryption-decryption and activate the https protocol between the browser and the server.

Prerequisites :

  • Operating System used: Ubuntu 17.04(you can use any other version too.)
  • Apache Web Server
  • OpenSSL

Enabling OpenSSL

By default Ubuntu comes with OpenSSL installed in it, type the following command in your terminal to enable OpenSSL.

sudo a2enmod ssl

Start your Apache web server by typing the following commands:

sudo service apache2 start

Generating a Self-Signed Certificate

A self-signed certificate is mainly used for testing the server and development environment, most of the web browsers generate a security alert while using a self-signed certificate because the certificate is self-signed and cannot be trusted, as it is not signed by a Certificate Authority.

Generating a Private Key

For creating a certificate we first need to create a private key for encryption and decryption, we are going to generate a 2048 bit private key with the name “mykey.key”.

sudo openssl genrsa -out mykey.key 2048

After executing the command a key will be generated in your current working directory with name “mykey.key”.

Generating Certificate Signing request

A CSR is a type of application from an applicant to a certificate authority in order to apply for a digital identity certificate, in our case we are the certificate authority so we are going to use our previously generated private key for creating the CSR.

root@FossNow:~$ sudo openssl req -nodes -new -key mykey.key -out mycsr.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MAHARASHTRA
Locality Name (eg, city) []:Mumbai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FOSSNOW
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:shibli
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

After executing the above command you will be asked few questions just answer them and done you have successfully created a CSR, the file will be stored in your current working directory having the name “mycsr.csr”.

Generating the Certificate

This is the final step,  we will generate a self-signed certificate (mycrt.crt) of X509 type valid for 365 keys.

sudo openssl x509 -req -days 365 -in mycsr.csr -signkey mykey.key -out mycrt.crt

This will generate the final certificate in your current working directory with name “mycrt.crt”.

Loading the Certificate into Apache

First, you need to create a directory inside your apache2 directory to store the certificate files.

sudo mkdir /etc/apache2/ssl

Copy the certificate files into newly created directory

sudo cp -v mykey.key mycsr.csr mycrt.crt /etc/apache2/ssl

Enabling SSL support in Apache

Now we need to tell apache to use these certificates for that we are going to change some few configurations in the /etc/apache2/sites-enabled/000-default.conf file.

sudo nano /etc/apache2/sites-enabled/000-default.conf

remove the current content of the 000-default.conf file and paste the below code as it is into the file.

<VirtualHost *:443>
 ServerAdmin webmaster@localhost
 DocumentRoot /var/www/html
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/mycrt.crt
 SSLCertificateKeyFile /etc/apache2/ssl/mykey.key

Testing the Server

Now restart the Apache web server

sudo service apache2 restart

Open your web browser and go to the following URL https://localhost if a warning occurs simply proceed by clicking the “Advance Options” button after doing that a page similar to below page will be opened.

Note: The https protocol is now available with your localhost.

Apache with SSL Enabled
Note: the https protocol is enabled.


You have successfully created a Self-Signed SSL Certificate and loaded into your Apache web server. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.

If You Love
this article, You Should Consider:

  • Like us on Facebook
  • Follow us on Instagram
  • Follow us on Twitter
  • Let us know your suggestions and queries in the comments below.
  • Subscribe to our Newsletter

Thank you for your Love and Support