SSL Certificate for Single Server

Decide first if you want to create your own Certificate Authority (CA). A CA verifies and gives the certificates you can install in Apache. If you do, proceed to create the certificates and keys. Otherwise, buy the certificates from CA.

Create SSL Certificate

Certificates are files. Create key, csr and crt files.

• cd /home/root/
• mkdir ssl_cert
• cd ssl_cert
• openssl genrsa -out example.key 2048
• openssl req -new -key example.key -out example.csr
• openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt

Enable mod_ssl with a2enmod

Requirements Needs openssl installed

• Run sudo apt-get upgrade openssl
• sudo a2enmod ssl
• sudo a2ensite default-ssl

Apache Settings

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on

        SSLCertificateFile  /home/root/ssl_cert/<example_name>.crt
        SSLCertificateKeyFile /home/root/ssl_cert/<example_name>.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>
</IfModule>

Restart Apache server

Restart Apache server

• sudo service apache2 restart

Note: If your server still says "Your connection is not private," it means that you do not have a Certificate Authority (CA). You can set up your own CA or forget everything here, and buy certificates from a CA.

Here's more information about serving Certificate Authority: https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html