How to Create an SSL Certificate on Apache on Arch Linux

Introduction

Self-signed certificates are useful for securing the information exchanged between a web server and its users. The connection is secured by encrypting the site’s traffic. An SSL certificate also presents the virtual private server’s identification information to site visitors.

This tutorial guides you through creating and installing a self-signed certificate on Apache for Arch Linux.

Pre-Requisites

This tutorial requires root privileges on the VPS. See the tutorial on Arch Linux Server SetUp to get that done.

You also need Apache installed and running on your virtual server. If you don’t have it yet, install it with the following commands:

sudo pacman -Syu

sudo pacman -S apache

 

Switch to Apache Config Directory

First, change into the main Apache config directory:

cd /etc/httpd/conf

Every subsequent step will be carried out from this directory.

 

Create an SSL Certificate

Start by creating the RSA private key for the new SSL certificate. This tutorial uses a 1024-bit key for simplicity. You can use any key size you wish, and for anything beyond a test a larger key such as 2048 bits is the usual choice.

The “-des3” option encrypts the key with Triple DES, which makes a passphrase mandatory. The passphrase heightens security, but whenever Apache crashes or the server reboots, you will have to enter it to get the web server back online.

sudo openssl genrsa -des3 -out server.key 1024

You can proceed to create a certificate signing request. You may be prompted to re-enter the passphrase in this step as well.

sudo openssl req -new -key server.key -out server.csr

You will be prompted for a series of fields at the command prompt. Fill them in as required, replacing fields like CityName and CompanyName with your own data.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:ProvinceName
Locality Name (eg, city) []:CityName
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompanyName
Organizational Unit Name (eg, section) []:OrganizationName
Common Name (e.g. server FQDN or YOUR name) []:yoursitename.com                  
Email Address []:[email protected]

 

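Remove the passphrase from the key so that Apache can start without prompting for it. The first command keeps a copy of the passphrase-protected key as server.key.org:

sudo cp server.key server.key.org

sudo openssl rsa -in server.key.org -out server.key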

Finally, sign the certificate with your key. You can set its validity period by changing the 365 days to your preference; as written, the certificate expires after one year.

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
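Before pointing Apache at these files, it is worth confirming what the steps above produced. The script below is an added example, not part of the original tutorial: it repeats the key, CSR and signing commands non-interactively in a scratch directory, then checks that server.key no longer needs a passphrase, that it matches server.crt, and what the key size and validity are. The passphrase, the subject fields, the 2048-bit key size and the chmod step are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the tutorial: its key -> CSR -> self-signed
# certificate steps run non-interactively, then checks on the result.
# Passphrase, subject and the 2048-bit key size are constructed values.
PASS=pass:example-only

make_cert() {   # make_cert DIR
    openssl genrsa -des3 -passout "$PASS" -out "$1/server.key.org" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key.org" -passin "$PASS" \
        -subj "/C=US/O=MyCompanyName/CN=yoursitename.com" -out "$1/server.csr" &&
    # Passphrase removal: server.key is the same key, stored unencrypted.
    openssl rsa -in "$1/server.key.org" -passin "$PASS" -out "$1/server.key" 2>/dev/null &&
    chmod 600 "$1/server.key" "$1/server.key.org" &&  # added step: owner-only access
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null
}

key_is_encrypted() {   # true if the PEM file still needs a passphrase
    grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

key_matches_cert() {   # key_matches_cert KEY CRT: compare the two public keys
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

cert_key_bits() {   # prints the certificate's public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

is_self_signed() {   # issuer and subject carry the same name
    [ "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" = \
      "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" ]
}

valid_for_days() {   # valid_for_days CRT N: still valid N days from now
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a scratch directory.
d=$(mktemp -d) && make_cert "$d" || exit 1
key_is_encrypted "$d/server.key" || echo "server.key loads without a passphrase"
key_matches_cert "$d/server.key" "$d/server.crt" && echo "server.key matches server.crt"
echo "key size: $(cert_key_bits "$d/server.crt") bits"
rm -rf "$d"
```

To check the real files, call the same functions on /etc/httpd/conf/server.key and /etc/httpd/conf/server.crt as root.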

 

Configuration File Changes

Now that your certificate has been created and signed, you need to include it in the Apache configuration. Make the following changes to the main Apache config file:

sudo nano /etc/httpd/conf/httpd.conf

Uncomment the following line:

Include conf/extra/httpd-ssl.conf

Restart Apache to bring your changes into effect.

sudo systemctl restart httpd

Verify the new self-signed certificate by opening https://youraddress in your browser. The browser will warn that the certificate is not trusted, which is expected for a self-signed certificate.

support2 has written 111 articles
