Setup Apache2 HTTP with Self-Signed SSL/TLS Certificates on Ubuntu 16.04 LTS Servers
When you’re doing internal testing in development environments, you may not need publicly signed SSL/TLS certificates. Although we’ve shown you how to obtain free Let’s Encrypt certificates, if your site is not publicly accessible or is not assigned a public domain, Let’s Encrypt won’t work for you.
Your only option is to use self-signed certificates.
An SSL/TLS certificate is part of the mechanism that allows private communication between two network devices. SSL/TLS is a protocol that enables secure communication between web servers and web clients, and for many other network services.
When it comes to SSL/TLS implementations, there are basically two types of certificates: public and private. Public certificates are those used on websites and other public-facing resources, and private or self-signed certificates are those generated internally, mostly for testing purposes. When you’re ready to set up Apache2 with self-signed certificates, continue below:
Step 1: Install Apache2 HTTP Web Server
If you don’t already have Apache2 HTTP Server installed, the commands below can help you install it on Ubuntu 16.04 LTS… Just copy and paste each line and run it.
sudo apt update
sudo apt install apache2
After installing Apache2, go to step 2 to generate a self-signed SSL/TLS certificate for the Apache2 website.
Step 2: Creating Self-signed Certificates
When you can’t install or afford trusted certificates from a certificate authority, you may get by with self-signed certificates. Trusted and self-signed certificates work the same way and use the same protocols; the only difference is that one is trusted by a third party and the other is not.
When you’re ready, run the command below to generate the server private key as well as the self-signed SSL/TLS certificate for the example.com domain you’ll be using.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/example.com.key -out /etc/ssl/certs/example.com.crt
After running the command above, you’ll be prompted to answer a few questions about the certificate you’re generating. Answer them to complete the process.
Generating a 2048 bit RSA private key
........+++
.....................+++
writing new private key to 'mydomain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Brookly
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company
Organizational Unit Name (eg, section) []:SSL Unit
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: LEAVE BLANK
An optional company name []:
When you’re done, the private key will be stored in the /etc/ssl/private/ folder as example.com.key and the certificate in the /etc/ssl/certs/ folder as example.com.crt, as defined on the command line above.
You’ll need to reference both files in the Apache2 configuration settings.
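Before referencing the two files in Apache2, it helps to confirm that the key and certificate belong together, since a mismatched pair stops Apache2 from starting. The script below is an added example, not part of the original article; the function names are hypothetical, and the demo pair is constructed in a temporary directory with -subj standing in for the interactive prompts.

```sh
#!/bin/sh
# Added example (not from the original article): checks for a key/cert pair.
# Function names are hypothetical; the openssl subcommands and flags are standard.

# True when the certificate carries the public key derived from the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# True when issuer and subject are identical, as in a self-signed certificate.
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# True when the certificate is still valid N days from now (default 30).
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Run all three checks on a certificate ($1) and its private key ($2).
check_pair() {
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    is_self_signed "$1" || { echo "FAIL: issuer differs from subject"; return 1; }
    valid_for_days "$1" 30 || { echo "FAIL: expires within 30 days"; return 1; }
    echo "OK: $1"
}

# Constructed demo: a throwaway pair plus an unrelated key, in a temp directory.
demo_dir=$(mktemp -d)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=example.com" \
    -keyout "$demo_dir/example.com.key" -out "$demo_dir/example.com.crt" 2>/dev/null
openssl genrsa -out "$demo_dir/other.key" 2048 2>/dev/null
check_pair "$demo_dir/example.com.crt" "$demo_dir/example.com.key"
check_pair "$demo_dir/example.com.crt" "$demo_dir/other.key" || true
```

On the server, the two arguments to check_pair would be the certificate and key paths from Step 2, read as root.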
Step 3: Installing the certificates
After generating the certificate, the next step is to install it on the Apache2 server. To do that, open the Apache2 SSL/TLS config file in Ubuntu and add the highlighted lines below.
sudo nano /etc/apache2/sites-available/default-ssl.conf
Then reference the certificate files in Apache2 configuration as shown below:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        #Include conf-available/serve-cgi-bin.conf
        # SSL Engine Switch:
        # Enable/Disable SSL for this virtual host.
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/example.com.crt
        SSLCertificateKeyFile /etc/ssl/private/example.com.key
        #
        #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        ......................
        .......................
    </VirtualHost>
</IfModule>
Save the file and close it.
Next, open the Apache2 default site config file and make sure the domain name is defined.
sudo nano /etc/apache2/sites-available/000-default.conf
And define the server name as shown below:
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ..................
    .................
</VirtualHost>
After making the changes above, run the commands below to test your settings and enable Apache2 SSL module.
sudo apachectl configtest
sudo a2enmod ssl
sudo a2ensite default-ssl
If you don’t see any error messages then you’re good. Restart Apache2 web server by running the commands below.
sudo systemctl restart apache2.service
Next, browse to the server domain using https in your browser. You’ll get a certificate warning because the certificate is self-signed. If you see a warning that the certificate cannot be trusted, then it’s working.

Continue to the site, since you trust your own self-signed certificate. Going to sites you don’t trust is not recommended.

That’s it! This is how to create self-signed certificates to support Apache2 HTTP server.
Enjoy!
Thanks, you have made this simpler to understand than most other sites I have already looked at today. I notice that you are making edits in the default-ssl.conf and 000-default.conf files. Does this still apply if you need to set up HTTPS on multiple sites on the same development machine? In other words, I may have two sites such as dev.mysite.com as well as dev.myothersite.com both running locally (I am building customized Drupal websites for businesses). Would anything need to be changed in the ‘dev.mysite.com.conf’ or the ‘dev.myothersite.com.conf’ files? I am new to working with Apache (ex-IIS/ .NET developer).
Thank you for making this! This worked for me still on November 11, 2018. In addition, I used a combination of Cloudflare and Amazon aws.
Are the mentions of Nginx, mistakes? The article was about Apache2.
I am using the same step but it does not redirect to http to https