{"id":6632,"date":"2022-09-24T20:40:31","date_gmt":"2022-09-24T20:40:31","guid":{"rendered":"https:\/\/www.geekdecoder.com\/?p=6632"},"modified":"2022-09-24T20:40:31","modified_gmt":"2022-09-24T20:40:31","slug":"how-to-create-and-install-self-signed-certificate-in-apache","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2022\/09\/24\/how-to-create-and-install-self-signed-certificate-in-apache\/","title":{"rendered":"How to Create and Install Self Signed Certificate in Apache"},"content":{"rendered":"\n<p>This how-to guide will help you to step by step create and install Self Signed Certificate in Apache server on Linux systems.<\/p>\n\n\n<a class=\"wp-block-read-more\" href=\"https:\/\/www.qbytes.cloud\/index.php\/2022\/09\/24\/how-to-create-and-install-self-signed-certificate-in-apache\/\" target=\"_self\">Read more<span class=\"screen-reader-text\">: How to Create and Install Self Signed Certificate in Apache<\/span><\/a>\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>sudo apt-get install openssl          # Debian based systems\nsudo yum install mod_ssl openssl      # Redhat \/ CentOS systems\nsudo dnf install mod_ssl openssl      # Fedora 22+ systems<\/code><\/pre><\/div>\n\n\n\n<p>Step 2 \u2013 Create Self Signed Certificate (please change to your domain name \ud83d\ude42<br>Now create SSL certificate. Change the name &#8220;apache&#8221; to your site name if you plan on multiple sites. Openssl will ask you for some info about your organization. You can leave most of this blank, but the one important thing you\u2019ll need to fill out is the \u201cCommon Name,\u201d which you\u2019ll want to set to your server\u2019s IP address or domain name.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \/etc\/ssl\/private\/apache.key -out \/etc\/ssl\/certs\/apache.crt<\/code><\/pre><\/div>\n\n\n\n<p>Output:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>Generating a RSA private key\n.............................+++++\n......+++++\nwriting new private key to &#39;apache.key&#39;\n-----\nYou are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter &#39;.&#39;, the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:US\nState or Province Name (full name) [Some-State]:TX\nLocality Name (eg, city) []:Austin\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Apache\nOrganizational Unit Name (eg, section) []:IT\nCommon Name (e.g. server FQDN or YOUR name) []:apache.com\nEmail Address []:user@localhost<\/code><\/pre><\/div>\n\n\n\n<p>We\u2019ll also want to generate a Diffie-Hellman group. This is used for perfect forward secrecy, which generates ephemeral session keys to ensure that past communications cannot be decrypted if the session key is compromised.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-plain\"><code>sudo openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 4096<\/code><\/pre><\/div>\n\n\n\n<p>Step 3 \u2013 Configure Apache to Use Your Self-Signed Certificate<br>Edit Apache SSL configuration file and edit\/update as per following directives.<\/p>\n\n\n\n<p>Add a snipit file.<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>sudo touch \/etc\/apache2\/conf-available\/ssl-params.conf<\/code><\/pre><\/div>\n\n\n\n<p>Add the following:<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-plain\"><code>SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\nSSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\nSSLHonorCipherOrder On\nHeader always set X-Frame-Options DENY\nHeader always set X-Content-Type-Options nosniff\nSSLCompression off\nSSLUseStapling on\nSSLStaplingCache &quot;shmcb:logs\/stapling-cache(150000)&quot;\nSSLSessionTickets Off\n\nSSLOpenSSLConfCmd DHParameters &quot;\/etc\/ssl\/certs\/dhparam.pem&quot;<\/code><\/pre><\/div>\n\n\n\n<p>Apache VirtualHost Configuration<\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>&lt;VirtualHost *:80&gt;;\n    ServerName ipgw.io\n    ServerAlias www.ipgw.io\n    ServerAdmin webmaster@ipgw.io\n    DocumentRoot \/var\/www\/ipgw\n\n    &lt;Directory \/var\/www\/ipgw&gt;\n        Options -Indexes +FollowSymLinks\n        AllowOverride All\n    &lt;\/Directory&gt;\n\n    ErrorLog ${APACHE_LOG_DIR}\/ipgw.io-error.log\n    CustomLog ${APACHE_LOG_DIR}\/ipgw.io-access.log combined\n&lt;\/VirtualHost&gt;\n\n&lt;VirtualHost *:443&gt;\n    ServerAdmin rogerp@local\n    ServerName www.ipgw.io\n    ServerAlias ipgw.io\n    DocumentRoot \/var\/www\/ipgw\n    SSLEngine on\n    SSLCertificateFile \/etc\/pki\/tls\/certs\/ipgw.io.crt\n    SSLCertificateKeyFile \/etc\/pki\/tls\/certs\/ipgw.io.key\n&lt;\/VirtualHost&gt;<\/code><\/pre><\/div>\n\n\n\n<p>Step 4 \u2013 Test config, Enable SSL and Restart Apache<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism undefined-numbers lang-bash\" data-lang=\"Bash\"><code>sudo a2enmod ssl\nsudo apachectl configtest\nsudo systemctl restart apache2       # Debian based systems<\/code><\/pre><\/div>\n\n\n\n<p>Step 5 \u2013 Test Website with HTTPS<br>Finally, open your site in your favorite web browser using https.<\/p>\n\n\n\n<p>https:\/\/www.example.com<br>As we are using a self-signed certificate, you will get a warning message in your browser. You can simply ignore this message.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>If you find this helpful, please donate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This how-to guide will help you to step by step create and install Self Signed Certificate in Apache server on Linux systems. Step 2 \u2013 Create Self Signed Certificate (please change to your domain name \ud83d\ude42Now create SSL certificate. Change the name &#8220;apache&#8221; to your site name if you plan on multiple sites. Openssl will &#8230; <a title=\"How to Create and Install Self Signed Certificate in Apache\" class=\"read-more\" href=\"https:\/\/www.qbytes.cloud\/index.php\/2022\/09\/24\/how-to-create-and-install-self-signed-certificate-in-apache\/\" aria-label=\"Read more about How to Create and Install Self Signed Certificate in Apache\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[134],"class_list":["post-6632","post","type-post","status-publish","format-standard","hentry","category-apache","tag-apache"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/6632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=6632"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/6632\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=6632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=6632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=6632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}