How to setup a self-signed SSL/TLS Certificate on a specific domain on your Ubuntu 19.04 development server

How to setup a self-signed SSL/TLS Certificate on a specific domain on your Ubuntu 19.04 development server

In production environment, there's even a free way to get a SSL certificate through Let's Encrypt. However, in a local environment, where you work to test stuff, you don't need a publicly valid and signed SSL/TLS certificate to access a website through HTTPS. It's possible to use a signed one, that you can buy in internet for a price of course, but, why would you do that when you can simply use a self-signed one locally without paying a dime?

In this article, we will explain you how to easily create a secured version of a local website using a self-signed SSL certificate in Ubuntu.

1. Create self-signed SSL certificate

You will need a certificate to provide your domain with support for HTTPS. Create the following directory in the apache installation directory with the following command:

sudo mkdir /etc/apache2/ssl

Then, create the certificate inside the previous created directory with the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This will start a prompt asking for information about the certificate, you can fill it either with real or fake data as it should only be used in a local environment:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]: Blabla
Locality Name (eg, city) []: Blabla
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Blabla
Organizational Unit Name (eg, section) []: Department of Blabla
Common Name (e.g. server FQDN or YOUR name) []: mycustomdomain.com
Email Address []: Blabla@Blabla.com

After finishing, you will have a self-signed certificate that can be used to provide HTTPS support for a domain in Apache. The output files:

  • /etc/apache2/ssl/apache.key
  • /etc/apache2/ssl/apache.crt

Will be used in the third step.

2. Create a HTTP version of the host

As first, you will need to have the standard version of your VirtualHost, that listens in the port 80 (http://mycustomdomain). The configuration of this vhost is generally up to you, however there are a few things that you need to consider as important to make the VirtualHost in HTTPS version as well. You will need to define exactly:

  • ServerName
  • ServerAlias
  • DocumentRoot

The 3 mentioned properties needs to be the same in the HTTPS version, so be sure that they match. The following vhost is an example of a basic http vhost that listens in mycustomdomain.com:, this file will be located at /etc/apache2/sites-available/mycustomdomain.conf:

<VirtualHost *:80>
	ServerAdmin webmaster@mycustomdomain.com
	ServerName mycustomdomain
	ServerAlias www.mycustomdomain.com
	DocumentRoot /var/www/html/mycustomdomain

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Directory /var/www/html/mycustomdomain>
	    Options Indexes FollowSymLinks MultiViews
	    AllowOverride All
	    Order allow,deny
	    allow from all
	</Directory>
</VirtualHost>

Unless you already have this vhost, you will need to enable it with:

# Enable site
a2ensite mycustomdomain

# Restart apache
systemctl restart apache2

This will allow you to browse to mycustomdomain.com in your browser in the HTTP version (assuming that you have already an alias for the host in /etc/hosts like 127.0.0.2    mycustomdomain.com).

3. Create HTTPS version

Now, basically what you need to do is to create the HTTPS version of the same previous virtualhost with the same properties, however we will add some extra settings to enable the HTTPS support:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

Is important to notice that the mentioned properties in the step 2:

  • ServerName
  • ServerAlias
  • DocumentRoot

Need to be THE SAME in this vhost, otherwise the host won't work. In this case, our HTTPS version of the host will be located at  /etc/apache2/sites-available/mycustomdomain_ssl.conf and will have the following content:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>       
        ServerAdmin  webmaster@mycustomdomain.com
        ServerName mycustomdomain.com
        ServerAlias www.mycustomdomain.com
        DocumentRoot /var/www/html/mycustomdomain

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        #   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        #   They should target the .key and .crt file created on the first step.
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

        <Directory /var/www/html/mycustomdomain>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
</IfModule>

Then, enable this virtual host and restart apache:

# Enable site
a2ensite mycustomdomain_ssl

# Enable SSL support in apache
sudo a2enmod ssl

# Restart apache
systemctl restart apache2

Now, you should be able to access your domain using the secure protocol https://mycustomdomain.

Happy coding !

This could interest you

Become a more social person