Learn to create SSL Certificate for Apache Server

Last updated on March 18th, 2018 at 09:33 pm

Hello Linux-fanatics, in our earlier tutorial we learned to create apache web server with Name based hosting & IP based hosting. If you have not read it, read it now because we will need a working apache web-server for this tutorial. In this tutorial, we are going to learn to secure our website with a SSL certificate.

What is SSl certificate & why do we need it ?

SSL certificate

SSL or Secure Socket Layer is web protocol, which is used to encrypt our web-server traffic. Data transfer during website access is in plain text which can easily be hacked. This might not seem like a threat when we are reading tutorials on Linuxtechlab.com but it will be a major issue when you are shopping at amazon & someone hacks your credit card info. So in order to prevent any eavesdropping/hacking , we secure our websites with a SSL certificate. If our website has a SSL cert & someone hacks the data, it will be of no use to him since it will be encrypted.

If you have a website that is accessed globally, we need to get an SSL certificate from a Global certificate authorities (CAs) as self-signed certificates, which we will be creating, are not identified by web-browsers. Self-signed certificates are signed by the same person as the person creating & are good for internal & testing purposes.

Now let’s create SSL Certificate (self-signed certificate),

(Recommended Read: Installing Awstat for analyzing Apache logs)

(Also Read: How to use Apache reverse proxy as Load Balancer)


Firstly, we will need a working apache web-server with a website of at least a single page hosted,

Secondly, we will need the ‘mod_ssl’ & ‘openssl’  installed on our web-server. We can install them by using YUM

$ yum install mod_ssl openssl


Create SSL Certificate

We will now generate the certificate using the following steps, but first let’s create a folder where we will be doing our certificate generation

$ mkdir /etc/httpd/ssl
$ cd /etc/httpd/ssl

Now, we can create a self-signed key and certificate pair with OpenSSL in a single command by typing

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

here, openssl is the command for creating and managing ssl,

req –x509 is public key infrastructure for ssl,

-nodes, means we don’t need a passphrase,

-days 365 is the validity of the certificate,

-newkey rsa:2048  means cert will 2048 bit long,

-keyout, means where to place Private key,

-out means where to place our certificate.

Once you run this command you will asked to provide some information , provide the information & your certificate will be created.


Adding Certificate to Web Server

After generating the certificate, we need to add in to our apache server. Open ‘/etc/httpd/conf.d/ssl.conf’ & we will make some changes to it

$ vi/etc/httpd/conf.d/ssl.conf

Now search for the line with ‘VirtualHost _default_:443’ & change the server name to one you used as common name on your ssl certificate (test1.com), so it look like

<VirtualHost _default_:443>

. . .

DocumentRoot “/var/www/html”


Next we will add the path to our certificate & Private Key,

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

After making these changes, save & exit the file. Restart your apache service

$ systemctl restart httpd

& now open your web browser & try accessing your website using https,



Voila, its works, this completes our tutorial on how to create SSL Certificate for Apache server. Please feel free to mention any queries/comments in the comment box down below.

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

Become a Supporter – Donate us some of you hard earned money:

Linux TechLab is thankful for your continued support.


Passionate about Linux & open source. Loves to learn, read & write about Linux as well as new technologies.

You may also like...

Leave a Reply