
How to Create a Self Signed SSL Certificate for Apache on Ubuntu 21.04


Introduction:

An SSL (Secure Sockets Layer) connection establishes an encrypted link between a server and a client. SSL uses three keys: the public, private, and session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. Because encrypting and decrypting with the public and private keys is computationally expensive, they are used only during the SSL handshake to create a symmetric session key. Once the secure connection has been established, all transmitted data is encrypted with the session key.

Installation Procedure:

Step 1: Check the OS version by using the below command

root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

Step 2: Install the Apache Webserver by using the below command

root@linuxhelp:~# apt install apache2 -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following package was automatically installed and is no longer required:
  libllvm11
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
  apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.3-0
Suggested packages:
  apache2-doc apache2-suexec-pristine | apache2-suexec-custom
The following NEW packages will be installed:
  apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.3-0
0 upgraded, 9 newly installed, 0 to remove and 9 not upgraded.
Need to get 1,857 kB of archives.
After this operation, 8,039 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu hirsute-updates/main amd64 libapr1 amd64 1.7.0-6ubuntu0.1 [96.9 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu hirsute/main amd64 libaprutil1 amd64 1.6.1-5ubuntu1 
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service.
Processing triggers for ufw (0.36-7.1ubuntu1) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.33-0ubuntu5) ...

Step 3: Create a directory by using the below command

root@linuxhelp:~# mkdir /var/www/test

Step 4: Create a sample HTML file for testing purposes by using the below command

root@linuxhelp:~# vim /var/www/test/index.html

<!DOCTYPE html>
<html>
<head>
<title>testing</title>
</head>
<body>


<h1>Welcome to Linux Help</h1>


</body>
</html>

Step 5: Change the permission for the test directory by using the below command

root@linuxhelp:~# chmod -R 755 /var/www/test

Step 6: Change the ownership to the Apache user www-data by using the below command

root@linuxhelp:~# chown -R www-data:www-data /var/www/test

Step 7: Create the virtual host by using the below command

root@linuxhelp:~# vim /etc/apache2/sites-available/test.conf

<VirtualHost *:80>

   ServerName www.linuxhelp1.com
   DocumentRoot /var/www/test

</VirtualHost>

Step 8: Enable the site by using the below command

root@linuxhelp:~# a2ensite test.conf
Enabling site test.
To activate the new configuration, you need to run:
  systemctl reload apache2

Step 9: Restart the Apache web server by using the below command

root@linuxhelp:~# systemctl restart apache2

Step 10: Make the host entry for the server name by using the below command

root@linuxhelp:~# vim /etc/hosts

192.168.6.115 www.linuxhelp1.com

Step 11: Ping http://www.linuxhelp1.com

Step 12: Enable the SSL module of Apache by using the below command

root@linuxhelp:~# a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2

Step 13: Restart the Apache web server by using the below command

root@linuxhelp:~# systemctl restart apache2

Step 14: Create the SSL key and certificate with OpenSSL by using the below command

root@linuxhelp:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/linuxhelp1.key -out /etc/ssl/certs/linuxhelp1.crt
Generating a RSA private key
...................................+++++
.....................................................................................................+++++
writing new private key to '/etc/ssl/private/linuxhelp1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Step 15: Create the virtual host on port 443, pointing to the SSL certificate and SSL key files, by using the below command

root@linuxhelp:~# vim /etc/apache2/sites-available/test-ssl.conf

<VirtualHost *:443>

   ServerName www.linuxhelp1.com
   DocumentRoot /var/www/test

   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/linuxhelp1.crt
   SSLCertificateKeyFile /etc/ssl/private/linuxhelp1.key
</VirtualHost>

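Step 16: Add the Redirect directive inside the <VirtualHost *:80> block of the test.conf virtual host file to redirect the site from http to https by using the below command. The target URL must end with a slash, because Apache appends the rest of the requested path directly to it.

root@linuxhelp:~# vim /etc/apache2/sites-available/test.conf


Redirect / https://www.linuxhelp1.com/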

Step 17: Enable the test-ssl.conf by using the below command

root@linuxhelp:~# a2ensite test-ssl.conf
Enabling site test-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2

Step 18: Restart the Apache web server by using the below command

root@linuxhelp:~# systemctl restart apache2

Ping https://www.linuxhelp1.com

With this, the creation of a Self Signed SSL Certificate for Apache on Ubuntu 21.04 is complete.
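
In the Step 14 transcript the Common Name prompt is left empty, so the certificate carries no host name. The script below is an added example, not part of the original tutorial: it creates the key and certificate non-interactively with the server name in the subject and in a subjectAltName, then checks that certificate and key belong together before Apache is pointed at them. The function names and the output directory argument are assumptions; the tutorial itself writes to /etc/ssl/private and /etc/ssl/certs.

```shell
#!/bin/sh
# Added example: non-interactive form of the Step 14 command plus sanity checks.
# Function names and the DIR argument are hypothetical, not from the tutorial.

# make_selfsigned DIR FQDN -> writes DIR/FQDN.key and DIR/FQDN.crt
make_selfsigned() {
    dir=$1; fqdn=$2
    # umask 077 in a subshell: the private key is never group/world readable
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/C=IN/CN=$fqdn" \
          -addext "subjectAltName=DNS:$fqdn" \
          -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.crt" 2>/dev/null )
}

# pubkey_fp FILE KIND -> SHA-256 of the public key held in a certificate
# (KIND=x509) or derived from a private key (KIND=pkey)
pubkey_fp() {
    case $2 in
        x509) openssl x509 -in "$1" -noout -pubkey ;;
        pkey) openssl pkey -in "$1" -pubout ;;
    esac | openssl sha256 | awk '{print $NF}'
}

# cert_matches_key CRT KEY -> succeeds only if both contain the same public key;
# a mismatch here is what makes Apache refuse to start after Step 18
cert_matches_key() {
    [ "$(pubkey_fp "$1" x509)" = "$(pubkey_fp "$2" pkey)" ]
}

# cert_has_san CRT FQDN -> succeeds if FQDN is listed as a DNS subjectAltName,
# which current browsers check instead of the Common Name
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# key_mode KEY -> permission string of the key file, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}
```

After the checks pass, the two files can be moved to the paths named in test-ssl.conf.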

FAQ
Q
How many keys are used to set up the SSL connection?
A
Three keys are used to set up the SSL connection.
Q
What do SSL certificates do?
A
SSL certificates create a foundation of trust by establishing a secure connection. To assure visitors their connection is secure, browsers provide special visual cues that we call EV indicators—anything from a green padlock to the branded URL bar.
Q
How to get SSL Certificates?
A
To get an SSL certificate, create a Certificate Signing Request (CSR) on your server. This process creates a private key and a public key on your server. The CSR data file that you send to the SSL certificate issuer (called a Certificate Authority or CA) contains the public key.
Q
What is the Subject of the SSL certificate?
A
The subject of the SSL certificate is the identity of the certificate/website owner.
Q
How do SSL certificates work?
A
SSL certificates have a public and a private key. These keys work together to establish an encrypted connection.