HOWTO: Generate Your Own Self-Signed SSL Certificates (for HTTPS Apache)

If you'd like to generate your own self-signed SSL certificates for use with Apache, the openssl command makes it easy. At home, I run a few HTTPS development Apache instances that use my own self-signed SSL certificates. Granted, these certificates are not signed by a legitimate Certificate Authority (like Verisign, Thawte, or Network Solutions), but they get the job done if you want quick and cheap SSL security. Keep in mind that if you use a self-signed certificate, a web browser will probably complain that the certificate is not trusted. So, you probably shouldn't use this in a real production environment. However, for development stuff at home, this is perfect.

Here's how you can generate your own self-signed SSL certificates:

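# Generate a 2048-bit RSA private key (1024-bit keys are too weak by current standards)
openssl genrsa 2048 > example.com.key
# Create a self-signed X.509 certificate from that key, valid for 365 days
openssl req -new -key example.com.key -x509 -days 365 -out example.com.crt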

Now that you've got a key and certificate (a .crt file), you can integrate them into Apache.  This involves using the SSLCertificateFile and SSLCertificateKeyFile directives in your Apache configuration file that defines an HTTPS VirtualHost.  You need to configure these directives to point to your certificate and key files, respectively.  In my environment, this configuration goes into /etc/httpd/conf.d/ssl.conf ...

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>
...
SSLCertificateFile /path/to/crt/file/example.com.crt
SSLCertificateKeyFile /path/to/key/file/example.com.key
...
</VirtualHost>

Remember, your private key (your key file) is important.  You should keep it in a secure/private place on your server, and not in a publicly readable directory.
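
The steps above as one non-interactive script, added here as an example (it is not the author's code). It creates the key under a restrictive umask, then checks that the certificate carries the key's public half, that the key file is not group or world accessible, and that the certificate lifetime is what was requested. The function names, the `-subj` value and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names, the -subj value and the key size are assumptions.

# make_self_signed NAME DIR -> writes DIR/NAME.key and DIR/NAME.crt
make_self_signed() {
    name=$1
    dir=$2
    # Subshell + umask 077 so the key is never created group/world readable.
    ( umask 077; openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null ) || return 1
    # -subj answers the questions "openssl req" would otherwise prompt for.
    openssl req -new -x509 -key "$dir/$name.key" -days 365 \
        -subj "/CN=$name" -out "$dir/$name.crt"
}

# True when the certificate contains the public half of the given key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$from_key" = "$from_crt" ]
}

# True when group and other have no permission bits on the key file.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True when the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Stand-alone use: sh selfsigned.sh example.com /path/to/private/dir
if [ "$#" -eq 2 ]; then
    make_self_signed "$1" "$2" &&
    key_matches_cert "$2/$1.key" "$2/$1.crt" &&
    key_is_private "$2/$1.key" &&
    echo "OK: $2/$1.key matches $2/$1.crt and is not group/world accessible"
fi
```

Running `key_matches_cert` before restarting Apache catches a key and certificate pair that do not belong together.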

About this Entry

This page contains a single entry by Mark Kolich published on March 21, 2009 10:01 PM.
