Enable SSL/TLS + self signed certificate for http server

Self signed key + cert

  • Generagete key + certificate (the validity is 365 days in our example):
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout NAME.key -out NAME.crt

The command will ask for some answers on few questions.

  • Copy key/cert to appropriate directory (e.g. /etc/ssl or /etc/apache2/ssl or /etc/nginx/ssl, ...)
  • Adjust key's permissions and owner:
chown root: NAME.key
chmod 400 NAME.key

Apache httpd server

  • be sure you have installed and enabled apache's SSL/TLS module.
  • in appropriate virtual's config add
SSLEngine on
SSLCertificateFile DIRECTORY/NAME.cert
SSLCertificateKeyFile DIRECTORY/NAME.key
  • don't forget to restart httpd server
  • longer config example
<IfModule mod_ssl.c>
   <VirtualHost _default_:443>
       ServerAdmin webmaster@localhost
       DocumentRoot /var/www/html
       ErrorLog ${APACHE_LOG_DIR}/error.log
       CustomLog ${APACHE_LOG_DIR}/access.log combined
       SSLEngine on
       SSLCertificateFile DIRECTORY/NAME.cert
       SSLCertificateKeyFile DIRECTORY/NAME.key
       <FilesMatch "\.(cgi|shtml|phtml|php)$">
                       SSLOptions +StdEnvVars
       </FilesMatch>
       <Directory /usr/lib/cgi-bin>
                       SSLOptions +StdEnvVars
       </Directory>
   </VirtualHost>
</IfModule>

Nginx httpd server

  • be sure you have installed and enabled nginx's SSL/TLS module.
  • in appropriate server's cfg add
ssl on;
ssl_certificate DIRECTORY/NAME.cert;
ssl_certificate_key DIRECTORY/NAME.key;
  • don't forget to restart httpd server
  • longer config example
server {
       listen 443;
       access_log  /var/log/nginx/ssl-access.log;
       error_log   /var/log/nginx/ssl-error.log;
       index       index.html;
       root        /usr/share/nginx/html;
       server_name SERVERNAME;
 
       ssl on;
       ssl_certificate DIRECTORY/NAME.cert;
       ssl_certificate_key DIRECTORY/NAME.key;
 
       ssl_session_timeout     5m;

       #ssl_protocols   SSLv3 TLSv1 TLSv1.1 TLSv1.2;
       #ssl_ciphers     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
       #ssl_prefer_server_ciphers       on;
}