46

I want to install an SSL certificate on my localhost in an Ubuntu environment because I can't work on the production server directly. I have to put some conditions in my code on the basis of whether the page is HTTP or HTTPS.

How can I do this?

Brad Larson
Ritesh
  • 1
    Installing an SSL *certificate* isn't the same thing as installing SSL itself. Don't fall into the lazy habit of using 'SSL' to mean 'SSL certificate'. It isn't the same thing and it just adds confusion and ambiguity to your question. Please clarify which it is you're talking about. – user207421 Mar 28 '15 at 04:27

1 Answer

116

Enable the Apache module by typing:

sudo a2enmod ssl

After you have enabled SSL, you'll have to restart the web server for the change to be recognized:

sudo service apache2 restart

Let's start off by creating a subdirectory within Apache's configuration hierarchy to place the certificate files that we will be making:

sudo mkdir /etc/apache2/ssl

Now that we have a location to place our key and certificate, we can create them both in one step by typing:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The questions portion looks something like this:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Department of Kittens
Common Name (e.g. server FQDN or YOUR name) []:your_domain.example
Email Address []:your_email@domain.example

Open the file with root privileges now:

sudo nano /etc/apache2/sites-available/default-ssl.conf

With the comments removed, the file looks something like this:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

In the end, it will look something like this. The entries were modified from the original file:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.example
        ServerAlias www.your_domain.example
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /var/www/html>
            SSLOptions +StdEnvVars
            DirectoryIndex index.php
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Save and exit the file when you are finished. Now that we have configured our SSL-enabled virtual host, we need to enable it.

sudo a2ensite default-ssl.conf

We then need to restart Apache to load our new virtual host file:

sudo service apache2 restart

That's it. Now run your site with https!

Stephen Ostermiller
Ritesh
  • 2
    I followed all the steps, but still getting error unable to connect – trex May 03 '16 at 07:55
  • @trex there should be something you missed.. please double check all the settings mentioned in above steps.. – Ritesh May 04 '16 at 03:05
  • Your use of `openssl req -x509` is probably wrong. It results in ***`CN=www.example.com`***. Hostnames always go in the *SAN*. If it's present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww Jul 23 '17 at 22:11
  • Works well in Ubuntu 16.10 with php7. When it asks for Common Name (e.g. server FQDN or YOUR name) []:localhost Email Address []:localhost@localhost.com. This works for me. – Bikram Shrestha Jan 30 '18 at 08:25
  • 2
    This ends up showing `certificate is not trusted` and does not work. It seems like an issue of not being a signing authority as stated by @jww. – Jordan Dec 04 '18 at 19:37
  • I don't know what the orders did, but working perfectly here. Obviously not trusted but exception in the browser and hey presto. – tonypartridge Feb 19 '19 at 15:04
  • I used this on a docker lamp. I can access the site on https but samesite cookie (which requires https) is still not setting. Any additional config I have to do? – shababhsiddique Oct 22 '20 at 08:04
  • Don't forget to enable the ssl mode also by running sudo a2enmod ssl – Ali Akbar Afridi Mar 21 '22 at 14:15
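
The certificate step from the answer, combined with the subjectAltName point raised in the comments, as an added example that is not part of the original answer or comments. The function names and the scratch output directory are assumptions; once both checks pass, copy the files to /etc/apache2/ssl/ as the answer describes.

```shell
#!/usr/bin/env bash
# Added example (not from the answer): self-signed certificate for local
# development with the hostname in both the CN and the subjectAltName.
# Function names and the output directory argument are illustrative.

# make_dev_cert HOST OUT_DIR: writes OUT_DIR/apache.key and OUT_DIR/apache.crt
make_dev_cert() {
    host="$1"; out="$2"
    mkdir -p "$out" || return 1
    # A request config file sets the SAN and skips the interactive prompts.
    cat > "$out/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host, IP:127.0.0.1
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -config "$out/req.cnf" \
        -keyout "$out/apache.key" -out "$out/apache.crt" 2>/dev/null || return 1
    chmod 600 "$out/apache.key"   # private key readable by its owner only
}

# cert_has_san CERT HOST: succeeds only if HOST is listed as a DNS SAN entry.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' \
        | grep -qxF "DNS:$2"
}

# key_matches_cert KEY CERT: succeeds only if both carry the same public key,
# which catches a mismatched SSLCertificateFile / SSLCertificateKeyFile pair.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Usage (constructed path): make_dev_cert localhost ./dev-ssl \
#   && cert_has_san ./dev-ssl/apache.crt localhost \
#   && key_matches_cert ./dev-ssl/apache.key ./dev-ssl/apache.crt
```

A certificate that passes both checks is still self-signed, so the browser warns until the certificate is added to a trust store, as the comments above note.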