Self-signed certificates are useful for securing the information exchanged between a web server and its users. The connection is made secure by encrypting the site's information in transit. An SSL certificate also presents the virtual private server's identification information to site visitors.
This tutorial walks you through creating and installing a self-signed certificate on Apache for Arch Linux.
This tutorial requires the user to have root privileges on the VPS. See the tutorial on Arch Linux Server SetUp to get that done.
You also need Apache already installed and running on your virtual server. If you don't have it, install it with the following commands:
sudo pacman -Syu
sudo pacman -S apache
Switch to Apache Config Directory
First of all, move into the main Apache config directory:
Every subsequent step will be carried out from this directory.
Create an SSL Certificate
Start by creating the RSA private key for the new SSL certificate, here a 1024-bit key. You can use any key size you wish; I will be using 1024 for simplicity.
The "-des3" option encrypts the private key with Triple DES, which requires a passphrase. The passphrase protects the key file, but whenever Apache crashes or restarts you will have to enter it to bring the web server back online.
sudo openssl genrsa -des3 -out server.key 1024
Next, create a certificate signing request. You may be prompted to re-enter the passphrase in this step as well.
sudo openssl req -new -key server.key -out server.csr
You will be prompted for a series of fields at the command line. Fill them in as required, replacing values like CityName and MyCompanyName with your own data.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:ProvinceName
Locality Name (eg, city) []:CityName
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompanyName
Organizational Unit Name (eg, section) []:OrganizationName
Common Name (e.g. server FQDN or YOUR name) []:yoursitename.com
Email Address []:[email protected]
Remove the passphrase using:
sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key
Finally, sign the certificate with your own key. You can set the validity of the certificate by changing the 365 days to your preference. As written, it expires after one year.
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
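A check you can run once the certificate is signed, added here as an example and not part of the original tutorial: it confirms that server.crt really belongs to server.key, that the now passphrase-free key is not readable by other users, and it flags short keys. The 2048-bit threshold (MIN_BITS), the 30-day expiry window and the function names are assumptions of this example; 1024-bit RSA is below the 2048-bit minimum that current guidance recommends.

```shell
#!/bin/sh
# Added example: checks on the server.key / server.crt pair from the steps above.
# MIN_BITS and the 30-day window are assumptions of this example.
MIN_BITS=${MIN_BITS:-2048}

# Print the RSA key size in bits. "-passin pass:" makes a still-encrypted
# key fail immediately instead of prompting for its passphrase.
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate was issued for this private key
# (both must carry the same RSA modulus).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    k=$(openssl rsa -in "$2" -passin pass: -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeed only if group and others have no access to the key file, which
# matters once the passphrase has been removed.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check; print one line per finding, return non-zero on any finding.
audit_cert() {
    crt=$1; key=$2; rc=0
    bits=$(key_bits "$key")
    [ -n "$bits" ] || { echo "FAIL: cannot read RSA key $key"; return 2; }
    [ "$bits" -ge "$MIN_BITS" ] || { echo "WEAK: $bits-bit key, below $MIN_BITS"; rc=1; }
    cert_matches_key "$crt" "$key" || { echo "FAIL: $crt does not match $key"; rc=1; }
    key_is_private "$key" || { echo "WARN: $key is accessible to group/others"; rc=1; }
    cert_valid_in_days "$crt" 30 || { echo "WARN: $crt expires within 30 days"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $bits-bit key matches $crt"
    return "$rc"
}

# Usage, from the Apache config directory: audit_cert server.crt server.key
```

With the 1024-bit key generated above, audit_cert reports WEAK and returns non-zero; regenerating the key with a larger size and repeating the signing steps clears that finding.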
Configuration File Changes
Now that your certificate has been created and signed, you need to reference it in the Apache configuration. Make the following changes to the main Apache config file:
sudo nano /etc/httpd/conf/httpd.conf
Uncomment the following line:
Restart Apache to bring your changes into effect.
sudo systemctl restart httpd
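Verify the setup by opening https://youraddress in your browser and viewing the new self-signed certificate. Because the certificate is self-signed, the browser will show a trust warning before it lets you through.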