Installing a self signed Security Certificate
on Apache with Debian

In this tutorial, i am assuming that you have a fresh install of Debian lenny, and that you wish to install a self signed security certificate for the website example.com
This tutorial should also apply to Ubuntu but you may need to prefix commands with sudo.

Before we begin, you may want to execute

apt-get update
apt-get upgrade

1- Installing the web server (If not already installed)
You may want to install PHP, MySQL or other things, but that is irrelevant to our tutorial, here we only need the web server

apt-get install ....

2- Installing OpenSSL

apt-get install openssl ssl-cert

Now, we must generate a public key and a private key, keep in mind that your private key is top secret, it should be in a directory where no one else can read it.

openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

Now we need to enable SSL in apache

a2enmod ssl

All that is left for us to do now is to configure apache to use this certificate.

In this case, we are going to create 2 config files one for plain http and the other for SSL / TLS, i also chose to make the web root directory the same for SSL and non SSL, you can surely append the SSL config file right after the config of the plain http and have a single config file, it does not make any difference, but i usually chose to separate them for easy management.

Simply store these files in the apache sites available directory.

Once done, we will need to enable them, you can enable them by simply creating a symbolic link in the sites-enabled directory as follows.

cd /etc/apache2/sites-enabled
ln -s /etc/apache2/sites-available/example.com.acfg
ln -s /etc/apache2/sites-available/example.com-ssl.acfg

You will also need to make sure port 443 has been added to the list of ports apache is listening to, if the file /etc/apache2/ports.conf has referance to port 443 then you are good (Installing above has added it for you), otherwise you will need to manually add the following

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

In some other distros, you only need to add the line

Listen 443

We will now want to restart the web server for the changes to take effect

/etc/init.d/apache2 restart

Again note that the web directories of SSL and non SSL can be the same directory (And therefore the user has the choice of SSL or no SSL for the same website), or they can be separate, Just remember that every SSL certificate needs an IP address that is not shared with any other security certificate (Other http websites can live on the same IP).

Right now, you should be able to visit http://www.example.com and https://www.example.com and see your website in both cases.

Copyright SSL Certificates Cheap 2010 - All trademarks mentioned on the website are the property of their respective owners.

Contact Details | Privacy Statement | Prices

Cheap Domain Names | Internet Stats | Cheap SSL Certificates | Domain Name Reseller