How to install Apache Web Server with a Self-Signed SSL Certificate on Linux Ubuntu 20.04 LTS or newer.
Introduction
Requirements
The following is a list of items needed to complete the setup successfully:
1) An SSH client such as Putty or the MacOS terminal app
2) A server with atleast 4GB RAM, a dual core processor and 50GB of free disk space
3) Linux Ubuntu 20.04 LTS or any newer version
4) Full root access to the server
5) A stable internet connection.
Overview
The following is an overview of the steps covered in this tutorial:
1) Open an SSH connection to the Linux Ubuntu Server
2) Download and install Apache Web Server
3) Install openssl and generate a self-signed certificate
4) Configure Apache to use SSL
5) Test the configuration.
Step 1: Open an SSH connection to the Linux Ubuntu Server
The first step is to open an SSH connection to the Linux Ubuntu Server. If you are a Windows user, you can download and install PuTTY from the official website https://putty.org/. Double-click on the .exe file to launch PuTTY.
To configure the connection, follow these steps:
1. In the “Host Name (or IP address)” field, enter your server’s IP address or hostname.
2. Leave the “Port” field at the default (22) or enter your custom SSH port number.
3. Choose “SSH” as the “Connection type”.
4. You can also save this configuration by clicking on “Save” and giving your session a name for easy access later.
To establish the connection, click on the “Open” button to initiate the SSH connection. If you are a macOS user, you can use the Terminal app found at Applications > Utilities. To open an SSH connection, follow these steps:
1. In the Terminal window, type the following command, replacing with your server username and with your server’s IP address or hostname:
ssh username@ip-address-of-ubuntu-server
2. You’ll be prompted to confirm the server fingerprint. Type “yes” to proceed.
3. Enter your server password when prompted.
Step 1: Download and install Apache Web Server
apt install apache2 -yWhen the installation process completes verify apache is running by running the command:
systemctl status apache2The command should return output that contains the following details:
apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running)
Step 2: Install OpenSSL and generate a self-signed certificate.
The next step is installing OpenSSL and generating the self-signed certificate. Run the following command to install OpenSSL:
sudo apt install openssl -y
When the installation completes, generate a private key and a certificate signing request (CSR) using the following command in your terminal:
openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/private/private.key -out /etc/ssl/private/request.csr
When you run this command, you’ll be prompted to provide your certificate information which includes your Common Name, Organization, City, State, and Country. Once you’ve provided this information, the CSR will be generated. After the CSR is generated, you can create the SSL certificate with the following command:
openssl x509 -in /etc/ssl/private/request.csr -out /etc/ssl/private/certificate.crt -req -signkey /etc/ssl/private/private.key -days 365
Once the certificate and key files are generated, you can use them with Apache webserver.
Step 3: Configure Apache to use SSL
After generating the certificate in the previous step, you need to configure Apache to use it. Open the default SSL configuration file for Apache by running the command:
nano /etc/apache2/sites-available/default-ssl.conf
Update the file and ensure it looks like this:
ServerAdmin admin@example.com
ServerName your-server-ip
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/private/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
<filesmatch "\.(cgi|shtml|phtml|php)$"="">
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
Save the changes made to the file and enable the https virtualhost by running the command:
a2ensite default-ssl.conf
Open the Apache default virtual host configuration file by running the command:
nano /etc/apache2/sites-available/000-default.conf
In this file, add a redirect directive to point all traffic to the SSL version of the site, as shown below:
ServerAdmin admin@example.com
ServerName your-server-ip
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect "/" "https://your-server-ip/
After editing and saving the file, the SSL and header modules should be enabled with the following commands:
a2enmod ssl a2enmod headers
Finally, the Apache service should be reloaded to implement the changes:
systemctl reload apache2
Step 4: Test the configuration
Open a new browser window and enter the URL https://your-server-ip. You’ll be directed to a warning page which is not uncommon. This is due to the fact that the certificate hasn’t been authorized by trusted certificate authorities.
You can disregard this message and proceed to your host by clicking on “proceed”. The Apache default page will be displayed. In the address bar of your browser, you’ll notice a lock icon with a “not secure” message. Although the certificate hasn’t been validated, it is still securing your connection.
Conclusion
In this tutorial, you’ve learn the steps for installing and configuring Apache web server with a self-signed SSL certificate on Ubuntu 20.04 or newer versions. Remember that self-signed certificates lack verification from trusted authorities and may trigger browser warnings for users accessing your website. For production environments, consider using trusted certificates issued by recognized providers to enhance user trust and website security. We hope that this tutorial has been informative and we’d like to thank you for reading it.