How to Create Apache Self Signed SSL Certificate Ubuntu 16.04 LTS

Introduction: -
SSL is an essential part of creating a secure Apache website. SSL certificates allow you encrypt all the traffic sent to and from your Apache website to prevent others from viewing all of the traffic. It uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key (the SSL certificate) can only be decrypted with the private key (stored only on the server) and vice versa.

Prerequisites: -
Before start creating SSL certificate, following are the prerequisites:

1- Sudo privileges user
2- Installed Apache
3- Installed OpenSSL





Step 1: Install Apache
We need to install Apache web server if don't have already. This can be done by using the command below.
root@US16:~# apt install apache2
Step 2: Install OpenSSL
 We need OpenSSL to generate a self-signed certificate, Use the command below to install it.
root@US16:~# apt install openssl
Step 3: Create Virtual Host
First, We need to have a Virtual Host where we will install our Self-Signed Certificate, follow the steps below to setup new VHost.

3A-  Create a directory to store VHost data
root@US16:~# mkdir -p /var/www/html/vhost1
3B- Create VHost and add configuration
root@US16:~# vi /etc/apache2/sites-available/vhost1.conf
Append below VHost configuration in the file vhost1.conf 

ServerAdmin amar.singh@outlook.in
ServerName vhost1.org
DocumentRoot /var/www/html/vhost1/
ErrorLog
/var/www/html/vhost1/logs/error.log
CustomLog /var/www/html/vhost1/logs/access.log combined
/var/www/html/vhost1/>
Options All
AllowOverride All
Require all granted

Save and Exit from the file.

3C- Create a simple HTML file
root@US16:~# vi /var/www/html/vhost1/index.html
Add some text to the file 
This is Vhost1 !!Testing!!
Save and Exit from the file

3D- Enable created VHost 
root@US16:~# a2ensite vhost1.conf
Enabling site vhost1.
To activate the new configuration, you need to run:
service apache2 reload
root@US16:~#
3E- Reload Apache service to apply changes
root@US16:~# service apache2 reload
3F- Test VHost by hitting Server name- http://vhost1.org/
By hitting URL- http://vhost1.org/ you will get output like below









Step 4: Create the SSL Certificate
SSL is a combination of Public and Private Key, Private Key stored only on the Server. 
Let's create Certificate by using the single command below:
root@US16:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vhost1.key -out /etc/ssl/certs/vhost1.crt
Generating a 2048 bit RSA private key
.........+++
..+++
writing new private key to '/etc/ssl/private/vhost1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Delhi
Locality Name (eg, city) []:South Ex
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ISTM
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:vhost1.org
Email Address []:amar.singh@outlook.in
root@US16:~#


You will be prompted to enter your organisational information and a common name. The common name should be the fully qualified domain name for the site you are securing (www.mydomain.com). You can leave the email address, challenge password, and optional company name blank. When the command is finished running, it will create two files: a mysitename.key file and a mysitename.crt self-signed certificate file valid for 365 days.

Step 5: Configure Apache to use SSL
5A- Enable Port listening 
root@US16:~# vi /etc/apache2/ports.conf
Add the highlighted line to the ports.conf file.
Listen 80
Listen 443


Listen 443



Listen 443

Save and Exit from the File
5B- Enable SSL module
root@US16:~# a2enmod ssl
5C-  Change VHost Configuration
root@US16:~# vi /etc/apache2/sites-available/vhost1.conf
Append line below in the conf file

DocumentRoot /var/www/html/vhost1/
ServerName vhost1.org
SSLEngine on
SSLCertificateFile /etc/ssl/certs/vhost1.crt
SSLCertificateKeyFile /etc/ssl/private/vhost1.key

Save and Exit from the File
5C- Restart Apache service to apply changes.
root@US16:~# service apache2 restart
Step 6: Test installed SSL certificate 
To validate installed SSL certificate access website by hitting URL- https://vhost1.org/

Once everything goes well you will get output like below:



















SSL Certificate has been installed successfully, let's proceed it by clicking on the Advanced button and add it to the exception to view the website. 

Once done you will get the output as bellow:














!!! Self-signed SSL has been configured successfully !!!