Enable HTTPS for Apache using Self-Signed SSL Certificate on Ubuntu 20.04

When working on local environment you might need to enable HTTPS protocol in the Apache web server. The easiest way to achieve this is to create self-signed SSL certificate. A web browsers will inform that certificate is not valid because it is not signed by trusted certificate authorities. Self-signed SSL certificates is good for testing purposes and not recommended to use in production environment.

This tutorial shows how to enable HTTPS for Apache using self-signed SSL certificate on Ubuntu 20.04.

Enable HTTPS

Run the following command to create a self-signed SSL certificate and private key:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-self-signed.key -out /etc/ssl/certs/apache-self-signed.crt

You will be asked to provide country code, city, organization name, and other details. You can enter fake details because certificate will be used for testing purposes.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational Unit Name (eg, section) []:Example Dept
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:test@example.com

Open default Apache SSL virtual host file:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Modify the path of SSL certificate and private key file.

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/apache-self-signed.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-self-signed.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars

Enable Apache mod_ssl module:

sudo a2enmod ssl

Enable SSL virtual host:

sudo a2ensite default-ssl.conf

Restart Apache:

sudo service apache2 restart

Testing HTTPS

Open a web browser and enter https:// followed by IP address of your machine. The browser will show warning because the certificate is a self-signed.

If you use the Google Chrome, you can click “Advanced” button and then the link to open your site:

Proceed unsafe site when HTTPS enabled for Apache on Ubuntu

Leave a Comment

Your email address will not be published. Required fields are marked *