Creating and Using a Self-Signed Certificate with OpenSSL and Apache

Introduction

Purpose: Self-signed certificates are used for development purposes.
Legitimate Certificates: For websites on the internet, use certificates from a Certificate Authority (CA).

Syntax: openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/ssl/private/filename.key -out /etc/ssl/certs/filename.crt
Parameters:
- -x509 : Output a self-signed certificate instead of a certificate request.
- -nodes : No DES, do not encrypt the private key.
- -days 365 : Certificate is valid for 365 days.
- -newkey rsa:4096 : Generate an RSA key with 4096 bits.
- -keyout : Specify the file to write the private key to.
- -out : Specify the file to write the certificate to.
File Locations:
- Key file: /etc/ssl/private/filename.key
- Certificate file: /etc/ssl/certs/filename.crt

Configuration File: /etc/apache2/sites-available/default-ssl.conf
Modifying Configurations:
- Edit using any preferred text editor (e.g., Gedit).
- Update the SSLCertificateFile directive to point to your certificate file.
- Verify path accuracy (e.g., /etc/ssl/certs/filename.crt).

Change ownership of the certificate and key files to Apache user (www-data).
- chown www-data:www-data /etc/ssl/certs/filename.crt
- chown www-data:www-data /etc/ssl/private/filename.key

Commands:
- a2enmod ssl : Enable SSL module.
- a2enmod headers : Enable Headers module.
- a2ensite default-ssl : Enable the default SSL site.
- Restart Apache: systemctl restart apache2

Self-signed certificates are useful for development but not trusted for production use.
Apache needs modification to recognize and use the new certificate files.