Ubuntu 18.04 Self-Signed Certificate Guide
In this guide, you will learn how to create a self-signed SSL certificate for the Apache web server running on Ubuntu 18.04.
Self-signed certificates are specifically used in the following situations:
- Internal panels
- Test environments
- Non-domain servers
- Internal services
A self-signed certificate is not verified by the browser, but the connection is fully encrypted.
What is Self-Signed SSL?
A self-signed SSL certificate is a certificate created by the server rather than by a certificate authority.
Advantages
- Quick installation
- Does not require domain
- Ideal for internal services
Disadvantages
- Browser gives trust warning
- Not recommended for public sites
What You Will Learn in This Guide
In this guide, you will perform the following operations:
- Creating an SSL certificate with OpenSSL
- Apache HTTPS VirtualHost configuration
- HTTP → HTTPS redirect
- Enable strong TLS settings
- Opening HTTPS traffic through firewall
Creating SSL Certificate and Key
The following command creates both the private key and certificate.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt
This command:
RSA 2048 bit anahtar
365 gün geçerli sertifika
creates.
To the Common Name part asked during the command, the server says:
IP address or Domain name
you can write.
Apache SSL Security Settings
Let's create strong TLS settings for Apache.
sudo nano /etc/apache2/conf-available/ssl-params.conf
Add the following settings to the file:
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM
SSLProtocol -all +TLSv1.3 +TLSv1.2
SSLHonorCipherOrder On
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLSessionTickets Off
These settings:
Turns off older TLS versions Uses modern encryption algorithms Adds security headers.
HTTPS VirtualHost Configuration
Open Apache's SSL VirtualHost file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Example configuration:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@sunucum.com
ServerName sunucu_IP
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>
</IfModule>
Redirect HTTP Traffic to HTTPS
To automatically redirect HTTP requests to HTTPS:
sudo nano /etc/apache2/sites-available/000-default.conf
Add into VirtualHost:
Redirect permanent "/" "https://sunucu_IP/"
Updating Firewall Settings
Allow HTTPS traffic:
sudo ufw allow "Apache Full"
Check firewall status:
sudo ufw status
Enabling Apache SSL Modules
Activate the required Apache modules:
sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params
Testing the Configuration
Check Apache configuration:
sudo apache2ctl configtest
If the result is Syntax OK, restart Apache:
sudo systemctl restart apache2
Testing HTTPS Connection
Open the following address from the browser:
https://SUNUCU_IP
The browser may display a security warning.
This is normal because the certificate is self-signed.
However, the connection works encrypted.
Frequently Asked Questions
Is the self-signed certificate secure?
Yes. Data is fully encrypted. However, since there is no certificate verification, the browser gives a warning.
Is it suitable for public websites?
No.
Let's Encrypt is recommended for public sites.
Does SSL work with IP address?
Yes. Self-signed certificates can be used with IP address.
How to change the certificate duration?
The -days parameter in the command is changed.
Example:
-days 730
Result
With this guide:
- You have configured SSL on Apache.
- You learned how to create a self-signed certificate.
- You have redirected HTTP → HTTPS.
- You have enabled strong TLS security settings.
This structure is especially ideal for test environments, internal panels and development servers.
You can use GenixNode VPS servers to quickly set up your server infrastructure.