Creating a self-signed certificate is not very complicated. This guide shows the step-by-step procedure on Debian.

Prerequisites

apt-get install apache2 openssl

/!\ Be sure that you are root (su/sudo). If the packages are not already installed on the server, apt-get will automatically download them from the package site and install them.

/!\ Before configuring Apache2 to serve over HTTPS, you should confirm that it is working for normal HTTP traffic. You can check this by launching your browser and entering http://127.0.0.1/ in the address bar, pointing your browser to your local web server. If you see "It Works!", it's likely working.

STEP 2

/usr/sbin/apache2-ssl-certificate

After typing in the command, you will be prompted to answer some questions. Go ahead and answer them :)

To override the default number of days the certificate is valid for, you can specify -days X.

If you need to re-run the wrapper program (create a new, replacement, certificate file), you need to specify --force to overwrite the old key.

STEP 3

After answering the questions, make sure that the SSL module is enabled. The command is:

a2enmod ssl

STEP 4

The next step involves creating a default page. You can copy and modify the default site that is available in the /etc/apache2/sites-available directory (e.g. cp default ssl). Use your favorite text editor, for example pico, to edit the new site configuration file. Modify the copied site so that the server listens on port 443 for incoming secure connections. Example:

NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    # ... remaining directives copied from the default site ...
</VirtualHost>

You may also need to specify the ServerName value with the same domain name you gave to the apache2-ssl-certificate questions.

In the existing site configuration file, default, you will likely need to specify port 80 with *:80.

STEP 5

After creating your SSL site, it's time to enable it. To enable your newly created site, run this command:

a2ensite ssl

Here "ssl" should be replaced by the name of the site you created in STEP 4.

STEP 6

It is very important to tell the server to listen on port 443. That's why you need to add a line to the ports.conf file (/etc/apache2/ports.conf). After the modification your file should look something like this:

Listen 443
Listen 80

STEP 7

Now restart the apache server to apply the changes.

/etc/init.d/apache2 restart

STEP 8

Open your browser and type:

https://127.0.0.1

The loop-back address should take you to the default apache page and display the Certificate prompt.
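The certificate file referenced in STEP 4 can also be checked from the shell. The script below is an added example, not part of the original guide: it verifies file permissions, that the private key matches the certificate, that the certificate is self-signed, and how close it is to expiry. It assumes apache.pem holds both the private key and the certificate; the function name check_pem and the 30-day default are hypothetical.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM such as the
# /etc/apache2/ssl/apache.pem named by SSLCertificateFile in STEP 4.
# check_pem and the 30-day default are assumptions, not part of the guide.
# Usage: check_pem FILE [MIN_DAYS]; returns 0 only if every check passes.
check_pem() {
    pem=$1; min_days=${2:-30}; rc=0

    [ -r "$pem" ] || { echo "FAIL: cannot read $pem"; return 2; }

    # The file contains the private key: group and other need no access.
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $pem is accessible by group/other (chmod 600)"; rc=1; }

    # A certificate block must be present before anything else is checked.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate in $pem"; return 1; }

    # The private key in the file must belong to the certificate.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key missing or not matching the certificate"; rc=1
    fi

    # Self-signed: subject and issuer are the same name.
    subj=$(openssl x509 -in "$pem" -noout -subject_hash)
    issr=$(openssl x509 -in "$pem" -noout -issuer_hash)
    if [ "$subj" = "$issr" ]; then
        echo "INFO: self-signed, browsers will show the certificate prompt"
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; rc=1; }

    return $rc
}

# Run against a file when called with arguments, e.g.
#   sh check_pem.sh /etc/apache2/ssl/apache.pem 30
if [ $# -gt 0 ]; then check_pem "$@"; fi
```

A non-zero return together with a FAIL line tells you which property to fix before restarting Apache in STEP 7.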

If you have any questions or comments, please drop me a line at konrad@atwaterlibrary.ca

This site is dedicated to Daniel Enright, a man that opened my eyes on to the World of Linux.