Linux Basics: How to Create an Apache SSL Certificate on Ubuntu


  • 1.1: SSL Certificates-An Overview
  • 1.2: Stepwise Guide on the Creation of an Apache SSL Certificate on Ubuntu
  • 1.2.1 Step 1- Activation of the SSL Module
  • 1.2.2: Step 2 – Creation of a New Directory
  • 1.2.3:Step 3 – Creation of a Self-Signed SSL Certificate
  • 1.2.4:Step 4 – Setting Up the Certificate
  • 1.2.5: Step 5 – Activation of the New Virtual Host
  • 1.3 Conclusion

1.1: SSL Certificates- An Overview

An SSL certificate is an encryption mechanism to secure a website’s information to establish a failsafe connection. Furthermore, the SSL certificate can display the virtual identification information of the private server to website visitors. Generally, Certificate Authorities issue SSL certificates that abet the verification of server details, whilst a self-signed certificate does not possess any third-party validation.

1.2 Stepwise guide on the Creation of an Apache SSL Certificate on Ubuntu

The following steps outline the process of creating an Apache SSL certificate on Ubuntu. Important to Note: 1. Users must note that it is essential to have access to root privileges on the VPS before executing the task (as explained in steps 3 and 4).

sudo apt-get install apache2eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-3′,’ezslot_2′,121,’0′,’0′]));

Once the preliminary checks (as explained above) are complete, the following steps shall help users accomplish the given task:

1.2.1: Step 1 – Activation of the SSL Module

first step in the simple and user-friendly process remains to activate SSL on the droplet. This can be done by using the following command:

sudo a2enmod ssl

The above step needs to be followed up by restarting Apache, by using the following command:

sudo service apache2 restart

The above completes the first step in the process of creating an Apache SSL Certificate on Ubuntu.

1.2.2: Step 2 – Creation of a New Directory for the SSL Certificate

The second step entails creation of a new directory to store the server key and certificate. The following command shall help users achieve that:

sudo mkdir /etc/apache2/ssl

The above command shall lead to the creation of a new directory, as required. You are now ready to move on to the next step. eval(ez_write_tag([[580,400],’howtoforge_com-medrectangle-4′,’ezslot_1′,108,’0′,’0′]));

1.2.3: Step 3 – Creation of a Self-Signed SSL Certificate

When creating a new SSL certificate, one needs to specify the duration validity of the same by changing the value 365 (as appearing in the message below) to the preferred number of days. It is important to mention here that the certificate so created stands to auto-expire upon completion of one year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The above command is rather versatile, and lets users create both the self-signed SSL certificate and the server key to safeguard it, in addition to placing both of these into the new directory. The command shall prompt the terminal to display a long list of important fields that need to be supplied with correct details (as outlined below):

Generating a 2048 bit RSA private key
writing new private key to ‘/etc/apache2/ssl/apache.key’
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [AU]: <- e.g. UK
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <- enter your name or company name here
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: <- Enter your domain name here. e.g.
Email Address []:

The most important field on the above screen remains – Common Name –. You need to key in the official domain name of the company here or, your website’s complete IP address in the absence of a formal company domain name.

1.2.4: Step 4 – Setting Up the Certificate

Execution of Step 1 through 3 shall ensure availability of all the requisite components of the finished certificate. Consequently, users need to set up the virtual hosts that can display the new certificate. This can be done by opening up the SSL configuration file, using the following command:

nano /etc/apache2/sites-available/default-ssl

You need to locate the section that begins with on the window the above command shall lead you to, and make the following changes in a swift manner. Subsequently, you need to add a line with your unique server name right underneath the Server Admin email (as shown below)



Here, users must replace – – with their unique DNS approved domain name/IP address of the server. An important point to note here is that the unique domain name/server IP address on the certificate must correspond to that supplied by the user under the field ‘common name) as part of Step 3 above.

Further, users need to locate the following three lines on the screen, and ensure an appropriate match with the extensions below:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Once this is done, all you need to do is save and exit out of the file, which completes Step 4 for you.

1.2.5: Step 5 – Activation of the New Virtual Host

Prior to the activation of the website that will appear on the 443 port, it is important to enable that Virtual Host: The following command shall help you do that:

sudo a2ensite default-ssl

With the activation of the new Virtual Host using the above command, you are all set. All you need to do is restart the Apache server to reload it with all the incorporated changes as per the aforementioned steps. The following command shall lead you there:

sudo service apache2 reload

Once the Restart process is complete and the Apache server has been reloaded with all the requested changes, users need to type https://yourwebsiteaddress, to be able to view the new certificate. Lastly, once the SSL certificate has been successfully set up on the site, users may install an FTP server if the same has not been done yet.


The above steps shall help you create an Apache SSL Certificate on Ubuntu to ensure a safe and secure encryption and connection for your website


About the Author

Leave a Reply