to create a certificate for development purposes we can use a self-signed certificate if you want a legitimate certificate for example for use of a website on the Internet you want to get that from a certificate authority for development purposes we can often use self-signed certificates we're going to use open SSL to create the certificate first we're going to become the root user instead of using the sudo command before each command the reason we're going to become root in this case is that in some cases you can have trouble accessing the private directory where the private keys are stored if you're not the root user even if you're using the sudo command to avoid that in this particular case we're going to choose to become root user instead of using sudo we'll use open SSL to create a certificate the syntax is open SSL requests req - x.509 the format to forget - nodes and then the number of days we want it to be good for we'll just choose 365 we're going to use an RSA key in this case so we want to create a key and we'll use RSA 4096 bits we need to send this key file out we're going to keep this key file and Etsy SSL private directory and we need to give it a name we'll call ours tilde dot key we also need to create those TIFF akin itself and send that out these dash out SSL certs and then we'll give our certificate a name facility dot CRT what open SSL create the cert and you can put in the country code and other information if you like when done our certificate and the key file are created and put into other respective directories we still need to tell Apache where this location of the certificates are and also you have Apache the right to access their certificate we'll start by modifying the Apache configuration file you can use whichever editor you like if you want one that's most like notepad G edit may be a good fit the file that we want to alter is in the Apache configuration directory let's see Apache sites available we look inside we'll see there's a default SSL kampf and then there's also a backup if he's created a backup if you haven't created a backup you may want to do so we're gonna find the line SSL certificate file and we're going to change this from the current value which is either going to be a default value or the last value to the new value we put our certificate in the search directory and we called it Mattila date search I want to make sure this value matches exactly the command we use for example this search directory has an S on the end so I want to make sure to correct that need to be very precise if you want you can just copy it to copy from the command line you can either highlight what you want to copy and then right-click and select copy but a more convenient way is to highlight what you want to copy and use shift control then C for copy then we can paste the value into the file whichever method you use just be sure that you get it exactly the same as what you had here on the command line when you're done save the file and we still need to make another modification now we'll go ahead and change the ownership with K own don't need sudo in this case since we're the root user the username for the Apache service is w W data the group is the same separate those with the colon and then the name of the file that we want to change the ownership up and we'll start with the certificate file we need to do the same for the key with those done we can go ahead and enable the SSL module and Apache to do that we'll use the Apache to enable module program a2 and mod and the name of the module that we want to enable in this case is SSL we also want to enable the headers module and the default SSL module and we'll use the Apache to enable site for default SSL and then as Apache keeps telling us we need to restart Apache so we'll copy paste that command and restart Apache let's try it out on our site in this case we're using self signed certificate and Firefox correctly says our connection is not secure because our certificate is not backed up by a legitimate certificate authority so click advanced and add an exception in our case since we were the ones created certificate we trust that we didn't do anything wrong and now we can see our site has HTTPS using our self signed certificate