Support Online
MirrorLooking Glass
GenixNodeGenixNode
Client Panel
Skip to main content

Creating an Apache Self-Signed SSL Certificate

In this guide, you will learn how to create a self-signed SSL/TLS certificate on an Apache web server running on Ubuntu 22.04. When the installation is complete, the HTTPS connection will be active and HTTP traffic will be automatically redirected to HTTPS.

Self-signed certificates are used specifically for test environments, development servers and closed network systems.

Technical Summary

Subject: Self-Signed SSL installation on Apache
Purpose:

  • Encrypting traffic between server and client
  • Using HTTPS in test environments
  • Learning SSL configuration on Apache

In this guide we will perform the following operations:

  • Enable Apache SSL module
  • Generating SSL certificate with OpenSSL
  • Apache HTTPS VirtualHost configuration
  • HTTP → HTTPS redirect

Note: Self-signed certificates are not recommended for production environments. Let's Encrypt or commercial SSL certificates must be used in production.

Prerequisites

Before starting the installation, the following requirements must be met:

  • Ubuntu 22.04 server
  • user with sudo privilege
  • Apache web server must be installed
  • UFW firewall must be active

Apache Installation

First update the package list:

sudo apt update

Install Apache web server:

sudo apt install apache2

Open HTTP and HTTPS ports on the firewall:

sudo ufw allow "Apache Full"

This process activates ports 80 and 443.

1. Enabling Apache mod_ssl Module

To enable Apache's SSL support, run the following command:

sudo a2enmod ssl

Then restart the Apache service:

sudo systemctl restart apache2

2. Creating a Self-Signed SSL Certificate

Generate private key and certificate using OpenSSL:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/apache-selfsigned.key \
-out /etc/ssl/certs/apache-selfsigned.crt

This command:

Creates a 2048 bit RSA key Generates a certificate valid for 365 days Saves the certificate and key files in the /etc/ssl directory Important Area: Common Name

You will be asked for some information when creating a certificate.

You must type the domain name or IP address of the server in the Common Name field.

Example:

Common Name: tr1.ornek.com

It must be the same address used in the browser.

3. Apache HTTPS VirtualHost Configuration

Create a new HTTPS site configuration:

sudo nano /etc/apache2/sites-available/tr1-ornek-com.conf

Add the following configuration:

<VirtualHost *:443>
    ServerName tr1.ornek.com
    DocumentRoot /var/www/tr1-ornek-com

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
</VirtualHost>

This structure introduces the SSL certificate to Apache.

Creating a Test Index

Create web directory for testing:

sudo mkdir /var/www/tr1-ornek-com

Create a simple test page:

sudo nano /var/www/tr1-ornek-com/index.html
<h1>SSL Çalışıyor!</h1>

Activating the Site

Activate the site:

sudo a2ensite tr1-ornek-com.conf

Test Apache configuration:

sudo apache2ctl configtest

Reinstall Apache:

sudo systemctl reload apache2

Testing from the Browser

Open the following address in the browser:

https://tr1.ornek.com

The browser may display a security warning. This is normal for self-signed certificates.

4. HTTP to HTTPS Redirect

You can automatically redirect HTTP requests to HTTPS.

Edit the VirtualHost file:

sudo nano /etc/apache2/sites-available/tr1-ornek-com.conf

Add the following configuration:

<VirtualHost *:80>
    ServerName tr1.ornek.com
    Redirect / https://tr1.ornek.com/
</VirtualHost>

Check the configuration:

sudo apachectl configtest

Reinstall Apache:

sudo systemctl reload apache2

Now requests for http:// will automatically be forwarded to https://.

Frequently Asked Questions

Is Self-Signed SSL certificate safe?

It encrypts data traffic but does not provide authentication because it is not verified by a certificate authority.

Why does the browser give a security warning?

Browsers show warnings because self-signed certificates are not signed by a trusted certificate authority.

Can a self-signed certificate be used in production?

No. In production environments, it is recommended to use Let's Encrypt or commercial SSL certificates.

What is the validity period of the certificate?

The certificate created in this guide is valid for 365 days.

Result

In this guide, you learned how to create a self-signed SSL certificate, HTTPS configuration and HTTP → HTTPS redirection on the Apache web server on Ubuntu 22.04.

This method is especially ideal for test environments and development servers.

You can safely test Apache HTTPS configurations on the GenixNode infrastructure.