How to Create SSL Certificate on Apache for Ubuntu 12.04

The steps stated here primarily require the user to have root privileges on the VPS. Moreover, you need to have Apache already installed in your system, and running on virtual server. If it is not already installed, you can download it by using the stated command.

sudo apt-get install apache2


1. SSL Module Activation

Enable the SSL on the droplet.

sudo a2enmod ssl

Follow-up by restarting the Apache

sudo service apache2 restart

2. Create a new directory

A new directory needs to be created, where the server key and the certificate needs to be stored.

sudo mkdir /etc/apache2/ssl

3. Create a self-signed SSL certificate

When there is a request for new certificate, we can determine how long the certificate should remain valid by simply changing the number of days from 365 to the number you prefer. As it certifies that the number of days will expire after 1 year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key

By using this command, we are creating the self-signed SSL certificate as well as the  server key that protects it, and placing both these in the new directory.

This command will instigate the terminal to display a list of fields that needs to be filled. Moreover, the most significant line is “Common Name”. You need to enter your official domain name here or else the IP address of the site, if you do not have the domain name.

You are about to be asked to enter information that will be incorporated in your certificate request.

What you are required to enter is what is called a Distinguished Name or a DN. There are some other fields as well, but you are some of the fields blank.

For some fields there will be a default value. Like, if you enter '.', the field will be left blank.


Country Name (2 letter code)

State or Province Name (full name) [Some-State]

Locality Name (eg, city)

Organization Name (eg, company)

Organizational Unit Name (eg, section)

Common Name (e.g. server FQDN or YOUR name)                 

Email Address


4. Setup the certificate

At this stage, we have all the requisite components of the finished certificate. What is next is to setup the virtual hosts in order to display the new certificate. Now, you need to open-up the SSL config file:

nano /etc/apache2/sites-available/default-ssl

Within the section that starts with <VirtualHost _default_:443>, make the following changes swiftly. Add a line with your server name straight below the Server Admin Email:


Now, replace the with your DNS approved domain name or server IP address. Find out the following lines and ensure that they match the extensions stated below:

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.crt

SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Save the file and Exit from it.

5. New Virtual Host Activation

Before the website (which will come on port 443) can be activated, we need to unable the Virtual Host:

sudo a2ensite default-ssl

Everything is at the place, and now, you need to restart the Apache server that will reload it with all the changes in its place.

sudo service apache2 reload

Moreover, you need to type https://youraddress, in your browser, and you will be able to view the new certificate. 

Was this answer helpful?

 Print this Article

Also Read

How to secure SMTP, POP and IMAP connections in Plesk

Default Certificates We need to replace the following three files (default permissions in...

How to verify that SSL for IMAP/POP3/SMTP works and the proper certificate is installed

To verify SSL please use the following commands: IMAP via SSL uses 993 port by default:...

How to uninstall Pyxsoft Anti Malware

Uninstallation instructions1. Go to the folder: cd /usr/share/ilabs_antimalware/includes2....

I am unable to connect to database server.

How to install CentOS Web Panel

Installer all versions: Login on your server as root and run following command (it runs 10-20...

Powered by WHMCompleteSolution